CVE-2026-10070 | macrozheng mall up to 1.0.3 Super Admin Password /admin/update/ improper authorization (Issue 970)

A vulnerability was found in macrozheng mall up to 1.0.3. It has been classified as critical. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization.

This vulnerability is known as CVE-2026-10070. Remote exploitation of the attack is possible. No exploit is available.

The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.

CVE-2026-10070 | macrozheng mall up to 1.0.3 Super Admin Password /admin/update/ improper authorization (Issue 970)

Post correlati

CVE-2025-10107 | TRENDnet TEW-831DR 1.0 (601.130.1.1410) /boafrm/formSysCmd sysHost command injection

CVE-2025-30761 | Oracle Java SE/GraalVM Enterprise Edition Scripting Remote Code Execution

CVE-2024-2064 | rahman SelectCours 1.0 Template CacheController.java getCacheNames fragment injection

CVE-2024-1915 | Mitsubishi Electric MELSEC-Q/MELSEC-L Packet incorrect pointer scaling (icsa-24-074-14)