Incorrect Access Control in Macrozheng Mall-Tiny - Vulnerable Logout Function
CVE-2024-57433

7.5HIGH

Key Information:

Vendor: Macrozheng
Status: Mall-Tiny
Vendor: CVE Published:; 31 January 2025

What is CVE-2024-57433?

The Macrozheng Mall-Tiny version 1.0.1 contains a security flaw in its logout functionality. After a user logs out, the application fails to securely invalidate the session token. As a result, the token remains active, allowing unauthorized access to sensitive information that should only be available while logged in. This flaw compromises user security and poses significant risks to data integrity.

References

https://github.com/peccc/restful_vul/blob/main/mall_tiny_...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 9, 2025

CVE-2024-57433 Data

JSON