CVE-2025-13118 | macrozheng mall-swarm up to 1.0.3 /order/paySuccess orderID improper authorization

A vulnerability was found in macrozheng mall-swarm up to 1.0.3 and classified as critical. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization.

This vulnerability is reported as CVE-2025-13118. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More