Authorization Bypass in RafyMrX TOKO-ONLINE-ROTI Software
CVE-2026-15909
5.3MEDIUM
What is CVE-2026-15909?
A vulnerability exists in RafyMrX TOKO-ONLINE-ROTI, where improper authorization checks in the file proses/add.php can be exploited. This issue allows attackers to manipulate the argument 'kd_cs', leading to unauthorized access. Given the software's rolling release strategy, specific version numbers for affected or updated releases are not provided. Despite reaching out to the vendor for comment, no response has been received regarding this security concern.
Affected Version(s)
TOKO-ONLINE-ROTI ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99
