CVE-2026-4563 | MacCMS up to 2025.1000.4052 Member Order Detail Interface User.php order_info order_id authorization

Inserito da Angelo Barbosa | Mar 22, 2026 | CVE

A vulnerability was found in MacCMS up to 2025.1000.4052. It has been classified as problematic. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument order_id causes authorization bypass.

The identification of this vulnerability is CVE-2026-4563. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-4563 | MacCMS up to 2025.1000.4052 Member Order Detail Interface User.php order_info order_id authorization

Post correlati

CVE-2024-8578 | TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 /cgi-bin/cstecgi.cgi setWiFiMeshName device_name buffer overflow

CVE-2025-21380 | Microsoft Marketplace SaaS access control

CVE-2024-58068 | Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1 dev_pm_opp_find_bw_ceil/dev_pm_opp_find_bw_floor null pointer dereference

CVE-2024-10715 | MapPress Maps Plugin up to 2.94.1 on WordPress Map Block cross site scripting