Improper Control of Resource Identifiers in Macrozheng Mall by Macrozheng
CVE-2026-15186
5.3MEDIUM
What is CVE-2026-15186?
A vulnerability has been identified in the macrozheng mall, specifically within versions up to 1.0.3, affecting the Portal Endpoint. This issue arises from improper control of resource identifiers through the manipulation of the argument 'orderId' in the /returnApply/create function. The vulnerability allows remote attackers to initiate exploits, potentially leading to unauthorized access and resource exposure. Notably, the GitHub issue reporting this vulnerability was deleted by the vendor without an explanation, raising concerns over transparency and user safety. The exploit for this vulnerability is publicly available, heightening the urgency for users to address it.
Affected Version(s)
mall 1.0.0
mall 1.0.1
mall 1.0.2
