CVE-2023-36331

High CVSS: 8.2

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId.

Vendor

Exrick

Product

Xmall

CWE

CWE-639

Yayın Tarihi

2026-01-12 20:15:52

Güncelleme

2026-01-22 21:09:43

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-639 Xmall HIGH Exrick 2026

Referanslar

https://github.com/Exrick/xmall/issues/100

Benzer Kayıtlar

Medium

CVE-2025-65540

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data.…

Medium

CVE-2025-8527

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown pr…

Medium

CVE-2025-8528

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of…

Medium

CVE-2025-8526

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the…

Medium

CVE-2025-8525

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown pa…

Critical

CVE-2025-45612

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.