CVE-2026-15186 | macrozheng mall up to 1.0.3 Portal Endpoint /returnApply/create orderId resource injection (Issue 977)
A vulnerability was found in macrozheng mall up to 1.0.3. It has been rated as critical. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers.
This vulnerability is documented as CVE-2026-15186. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor deleted the GitHub issue for this vulnerability without any explanation.VulDB Recent EntriesRead More