CVE-2025-0331 | YunzMall up to 2.4.2 HTTP POST Request ResetpwdController.php changePwd pwd password recovery

A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password recovery.

The identification of this vulnerability is CVE-2025-0331. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-0331 | YunzMall up to 2.4.2 HTTP POST Request ResetpwdController.php changePwd pwd password recovery

Related Posts

CVE-2024-34048 | O-RAN RIC I-Release e2mgr E2nodeConfigUpdateNotificationHandler array index

CVE-2024-3973 | House Manager Plugin up to 1.0.8.4 on WordPress cross site scripting

CVE-2023-49678 | Kashipara Group Job Portal 1.0 Employer/InsertJob.php txtDesc sql injection

CVE-2021-47289 | Linux Kernel up to 5.4.138/5.10.56/5.13.5 ACPI for_each_acpi_dev_match null pointer dereference