| タイトル | MacCMS 2025.1000.4052 Authorization Bypass |
|---|
| 説明 | MacCMS v10 (maccms10-2025.1000.4052) contains an insecure direct object reference (IDOR) vulnerability in the member order detail interface.
The order detail endpoint in application/index/controller/User.php retrieves order information using only the order_id parameter without verifying that the order belongs to the currently authenticated user. Although the order list endpoint correctly restricts results by user_id, the order_info() function fails to enforce this ownership check.
As a result, any authenticated user can access other users' order information by providing a different order_id value. For example:
GET /index.php/user/order_info?order_id=2
An attacker logged in as one user can enumerate order identifiers and retrieve sensitive business data such as order codes, prices, remarks, and associated user identifiers belonging to other users.
This issue represents an authorization bypass through user-controlled key (CWE-639). |
|---|
| ソース | ⚠️ https://github.com/HuajiHD/CVE/issues/10 |
|---|
| ユーザー | HuajiHD (UID 96230) |
|---|
| 送信 | 2026年03月08日 09:40 (3 月 ago) |
|---|
| モデレーション | 2026年03月22日 09:20 (14 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 352400 [MacCMS 迄 2025.1000.4052 Member Order Detail Interface User.php order_info order_id 特権昇格] |
|---|
| ポイント | 20 |
|---|