CVE-2023-36331 | xmall 1.1 Query Parameter /member/orderList userId access control (Issue 100)

A vulnerability, which was classified as critical, was found in xmall 1.1. This vulnerability affects unknown code of the file /member/orderList of the component Query Parameter Handler. Executing a manipulation of the argument userId can lead to improper access controls.

This vulnerability is tracked as CVE-2023-36331. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More