CVE-2024-57432

High CVSS: 7.5

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve authentication bypass.

Vendor

Macrozheng

Product

Mall-tiny

CWE

CWE-287

Yayın Tarihi

2025-01-31 17:15:15

Güncelleme

2025-09-02 21:26:04

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-287 Mall-tiny HIGH Macrozheng 2025

Referanslar

https://github.com/peccc/restful_vul/blob/main/mall_tiny_weak_jwt/mall_tiny_weak_jwt.md

Benzer Kayıtlar

Critical

CVE-2026-25858

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workf…

Medium

CVE-2025-15118

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of th…

Medium

CVE-2025-14016

A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the…

Medium

CVE-2025-13443

A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /…

Medium

CVE-2025-13117

A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability…

Medium

CVE-2025-13118

A vulnerability was detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this issue is the function paySu…