Macrozheng: >> Mall-Tiny Security Vulnerabilities
In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-31
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-31
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-31