CVE-2025-45612

Critical CVSS: 9.8

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.

Vendor

Product

CWE

Yayın Tarihi

2025-05-05 20:15:20

Güncelleme

2025-06-16 20:00:50

Source Identifier

cve@mitre.org

KEV Date Added

CWE-284 Xmall CRITICAL Exrick 2025

https://github.com/Exrick/xmall/issues/96

High

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users'…

Medium

CVE-2025-65540

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data.…

Medium

CVE-2025-8527

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown pr…

Medium

CVE-2025-8528

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of…

Medium

CVE-2025-8526

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the…

Medium

CVE-2025-8525

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown pa…