CVE-2025-14016 | macrozheng mall-swarm up to 1.0.3 delete ids improper authorization

Inserito da Angelo Barbosa | Dic 4, 2025 | CVE

A vulnerability was found in macrozheng mall-swarm up to 1.0.3. It has been declared as critical. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization.

This vulnerability is documented as CVE-2025-14016. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14016 | macrozheng mall-swarm up to 1.0.3 delete ids improper authorization

Post correlati

CVE-2024-32999 | Huawei HarmonyOS/EMUI OS Security Module logic error

CVE-2023-29962 | S-CMS 5.0 path traversal

CVE-2023-48903 | Tramyardg Autoexpress 1.3.0 uploadCarImages.php within cross site scripting (ID 177662)

CVE-2024-30405 | Juniper Junos OS up to 23.2R1 on SRX5000 ALG buffer size (JSA79105)