CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-13118

A vulnerability was detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.6%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 6.5

References

https://github.com/Hwwg/cve/issues/14
https://github.com/Hwwg/cve/issues/9
https://vuldb.com/?ctiid.332323
https://vuldb.com/?id.332323
https://vuldb.com/?submit.683345
https://vuldb.com/?submit.686531
https://github.com/Hwwg/cve/issues/9

Products affected by CVE-2025-13118

Macrozheng » Mall-Swarm » Version: Any

cpe:2.3:a:macrozheng:mall-swarm:*
Macrozheng » Mall » Version: Any

cpe:2.3:a:macrozheng:mall:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13118

Products

Pricing

Contact Us