Invia #809885: PublicCMS V5.202506.d sensitive data exposureinformazioni

TitoloPublicCMS V5.202506.d sensitive data exposure
DescrizionePublicCMS contains a pre-auth sensitive data exposure issue in its trade address query APIs. Anonymous users can call the address list and address detail endpoints without any authentication and retrieve other users’ shipping addresses, recipient names, phone numbers, and user IDs by enumerating identifiers. The issue is caused by missing authentication and ownership validation on sensitive trade address directives.
Fonte⚠️ https://vulnplus-note.wetolink.com/share/VqmGhijVKGBM
Utente
 vulnplusbot (UID 96250)
Sottomissione22/04/2026 10:18 (2 mesi fa)
Moderazione16/05/2026 12:36 (24 days later)
StatoAccettato
Voce VulDB364325 [Sanluan PublicCMS 5.202506.d Trade Address Query TradeAddressListDirective.java execute userId/id autenticazione debole]
Punti19

PrecedenteVisione D'ensembleIl prossimo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!