Authorization Bypass in RafyMrX TOKO-ONLINE-ROTI Software
CVE-2026-15909

5.3MEDIUM

Key Information:

Vendor

Rafymrx

Vendor
CVE Published:
16 July 2026

What is CVE-2026-15909?

A vulnerability exists in RafyMrX TOKO-ONLINE-ROTI, where improper authorization checks in the file proses/add.php can be exploited. This issue allows attackers to manipulate the argument 'kd_cs', leading to unauthorized access. Given the software's rolling release strategy, specific version numbers for affected or updated releases are not provided. Despite reaching out to the vendor for comment, no response has been received regarding this security concern.

Affected Version(s)

TOKO-ONLINE-ROTI ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dest1ny_2 (VulDB User)
VulDB CNA Team
.