Filtered by vendor Macrozheng
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57433 | 1 Macrozheng | 1 Mall-tiny | 2025-04-22 | N/A | 7.5 HIGH |
| macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state. | |||||
| CVE-2024-57434 | 1 Macrozheng | 1 Mall-tiny | 2025-04-22 | N/A | 8.8 HIGH |
| macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator. | |||||
| CVE-2024-57435 | 1 Macrozheng | 1 Mall-tiny | 2025-04-22 | N/A | 6.5 MEDIUM |
| In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure. | |||||