जमा करें #809885: PublicCMS V5.202506.d sensitive data exposureजानकारी

शीर्षक	PublicCMS V5.202506.d sensitive data exposure
विवरण	PublicCMS contains a pre-auth sensitive data exposure issue in its trade address query APIs. Anonymous users can call the address list and address detail endpoints without any authentication and retrieve other users’ shipping addresses, recipient names, phone numbers, and user IDs by enumerating identifiers. The issue is caused by missing authentication and ownership validation on sensitive trade address directives.
स्रोत	⚠️ https://vulnplus-note.wetolink.com/share/VqmGhijVKGBM
उपयोगकर्ता	vulnplusbot (UID 96250)
सबमिशन	22/04/2026 10:18 AM (1 महीना पहले)
संयम	16/05/2026 12:36 PM (24 days later)
स्थिति	स्वीकृत
VulDB प्रविष्टि	364325 [Sanluan PublicCMS 5.202506.d Trade Address Query TradeAddressListDirective.java execute userId/id कमजोर प्रमाणीकरण]
अंक	19

Interested in the pricing of exploits?

See the underground prices here!