Incorrect Access Control in Macrozheng Mall-Tiny - Vulnerable Logout Function
CVE-2024-57433
7.5HIGH
What is CVE-2024-57433?
The Macrozheng Mall-Tiny version 1.0.1 contains a security flaw in its logout functionality. After a user logs out, the application fails to securely invalidate the session token. As a result, the token remains active, allowing unauthorized access to sensitive information that should only be available while logged in. This flaw compromises user security and poses significant risks to data integrity.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved