CVE-2025-13443

MEDIUM

Macrozheng Mall < 1.0.3 - Improper Access Control

Title source: rule

Description

A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.

References (4)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.333016

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.333016

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.690892

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/Hwwg/cve/issues/15

Scores

CVSS v3 5.4

EPSS 0.0003

EPSS Percentile 8.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-284

Status published

Products (1)

macrozheng/mall < 1.0.3

Published Nov 20, 2025

Tracked Since Feb 18, 2026