Incorrect Access Control in Macrozheng Mall-Tiny 1.0.1
CVE-2024-57434

8.8HIGH

Key Information:

Vendor: Macrozheng
Status: mall-tiny
Vendor: CVE Published:; 31 January 2025

What is CVE-2024-57434?

The Macrozheng Mall-Tiny version 1.0.1 presents an incorrect access control vulnerability. By default, the application imports users and assigns a test user elevated privileges as a super administrator. This misconfiguration could allow unauthorized access and actions within the system, posing a significant security risk. It is imperative for users of this version to assess the configurations and implement necessary controls to mitigate potential exploitation.

References

https://github.com/peccc/restful_vul/blob/main/mall_tiny_...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 9, 2025

JSON