CVE-2024-57433

High CVSS: 7.5

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.

Vendor

Macrozheng

Product

Mall-tiny

CWE

CWE-284

Yayın Tarihi

2025-01-31 22:15:12

Güncelleme

2025-04-22 15:32:09

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Mall-tiny HIGH Macrozheng 2025

Referanslar

https://github.com/peccc/restful_vul/blob/main/mall_tiny_logout_failed/mall_tiny_logout_failed.md

Benzer Kayıtlar

Critical

CVE-2026-25858

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workf…

Medium

CVE-2025-15118

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of th…

Medium

CVE-2025-14016

A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the…

Medium

CVE-2025-13443

A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /…

Medium

CVE-2025-13117

A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability…

Medium

CVE-2025-13118

A vulnerability was detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this issue is the function paySu…