Submeter #641729: macrozheng mall ≤ v1.0.3 IDORinformação

Título	macrozheng mall ≤ v1.0.3 IDOR
Descrição	In mall versions up to v1.0.3, the /order/cancelUserOrder endpoint contains a horizontal privilege escalation vulnerability. This allows a user to cancel another user’s order, leading to unauthorized operations.
Fonte	⚠️ https://github.com/ez-lbz/poc/issues/46
Utilizador	ez-lbz (UID 87033)
Submissão	26/08/2025 09h27 (há 10 meses)
Moderação	02/09/2025 14h49 (7 days later)
Estado	Aceite
Entrada VulDB	322182 [macrozheng mall até 1.0.3 /order/cancelUserOrder cancelOrder orderId Elevação de Privilégios]
Pontos	16

Want to stay up to date on a daily basis?

Enable the mail alert feature now!