CVE-2025-13115
BaseFortify
Publication date: 2025-11-13
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| macrozheng | mall | to 1.0.3 (inc) |
| macrozheng | mall-swarm | to 1.0.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in macrozheng mall-swarm up to version 1.0.3, specifically in the /order/detail/ function of the Order Details Handler component. By manipulating the 'orderId' argument, an attacker can bypass the authorization check that should restrict an order's details to its owner. The attack can be performed remotely, and an exploit has already been publicly released.
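The flaw described above is the classic CWE-285 pattern: an endpoint looks up a record by a client-supplied id and never compares the record's owner with the caller. The following is an added illustration, not code from the mall or mall-swarm projects, written in Python rather than the project's Java so it runs stand-alone; `Order`, `ORDERS`, `order_detail_unchecked`, `order_detail_checked` and `can_view` are hypothetical names chosen for the example, and the order data is constructed.

```python
"""Missing vs. enforced ownership check on an order-detail lookup.

Added example (hypothetical names, constructed data), not the project's code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_id: int
    member_id: int   # the customer who owns this order
    total: str


class OrderNotFound(Exception):
    """Raised for both 'no such order' and 'not your order' (see below)."""


# Constructed sample data: two orders belonging to two different members.
ORDERS = {
    1001: Order(order_id=1001, member_id=7, total="42.00"),
    1002: Order(order_id=1002, member_id=8, total="99.50"),
}


def order_detail_unchecked(order_id: int, current_member_id: int) -> Order:
    """Vulnerable pattern (CWE-285): the lookup is keyed only on the id the
    client sent, so any authenticated member can read any member's order.
    The caller's identity is accepted but never used."""
    order = ORDERS.get(order_id)
    if order is None:
        raise OrderNotFound(order_id)
    return order


def order_detail_checked(order_id: int, current_member_id: int) -> Order:
    """Hardened pattern: the lookup is scoped to the authenticated member.
    'Missing' and 'belongs to someone else' return the same error so the
    endpoint does not reveal which order ids exist."""
    order = ORDERS.get(order_id)
    if order is None or order.member_id != current_member_id:
        raise OrderNotFound(order_id)
    return order


def can_view(order_id: int, current_member_id: int) -> bool:
    """Convenience predicate over the hardened lookup."""
    try:
        order_detail_checked(order_id, current_member_id)
        return True
    except OrderNotFound:
        return False


if __name__ == "__main__":
    # Member 7 asks for member 8's order: the unchecked handler hands it over,
    # the checked handler treats it as not found.
    print("unchecked:", order_detail_unchecked(1002, current_member_id=7))
    print("checked own order:", can_view(1001, current_member_id=7))      # True
    print("checked other's order:", can_view(1002, current_member_id=7))  # False
```

The fix belongs in the data-access layer (query by order id *and* member id), not only in a front-end check, so every code path that reaches the record enforces the same rule. Returning one uniform error for both outcomes is a deliberate choice: a distinct 403 for "exists but not yours" would let a caller map which order ids are valid.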
How can this vulnerability impact me?
The vulnerability allows unauthorized access to order details by manipulating the orderId parameter. This could lead to exposure of sensitive order information to unauthorized users, potentially compromising user privacy and trust.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability could negatively impact compliance with standards like GDPR and HIPAA because it allows unauthorized access to potentially sensitive personal or order information, which may violate data protection and privacy requirements.