CVE-2025-13118 | macrozheng mall-swarm up to 1.0.3 /order/paySuccess orderID improper authorization

Inserito da Angelo Barbosa | Nov 13, 2025 | CVE

A vulnerability was found in macrozheng mall-swarm up to 1.0.3 and classified as critical. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization.

This vulnerability is reported as CVE-2025-13118. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13118 | macrozheng mall-swarm up to 1.0.3 /order/paySuccess orderID improper authorization

Post correlati

CVE-2024-49605 | Avchat.net AVChat Video Chat Plugin up to 2.2 on WordPress cross-site request forgery

CVE-2024-8685 | KUNBUS Revolution Pi 2022-07-28-revpi-buster getFileList.php dir path traversal

CVE-2025-6243 | Ruckus Virtual SmartZone/Network Director SSH Public Key hard-coded key

CVE-2024-13190 | ZeroWdd myblog 1.0 BlogMapper.xml findBlogList/getTotalBlogs xml injection