CVE-2025-28399

Critical CVSS: 9.8

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.

Vendor

Exrick

Product

Xmall

CWE

CWE-269

Yayın Tarihi

2025-04-15 19:16:07

Güncelleme

2025-04-25 16:53:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-269 Xmall CRITICAL Exrick 2025

Referanslar

https://github.com/20210607/cve_public/blob/main/CVE-2025-28399.md

Benzer Kayıtlar

High

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users'…

Medium

CVE-2025-65540

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data.…

Medium

CVE-2025-8527

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown pr…

Medium

CVE-2025-8528

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of…

Medium

CVE-2025-8526

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the…

Medium

CVE-2025-8525

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown pa…