CVE-2026-10070
MEDIUMmacrozheng mall Super Admin Password update improper authorization
Title source: cnaDescription
A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.
References (5)
Core 5
Core References
Vdb Entry vdb-entry
VDB-367156 | macrozheng mall Super Admin Password update improper authorization
https://vuldb.com/vuln/367156
Signature, Permissions Required signature
permissions-required
VDB-367156 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/367156/cti
Third Party Advisory third-party-advisory
Submit #818384 | mall 1.0.3 Improper Access Controls
https://vuldb.com/submit/818384
Issue Tracking issue-tracking
https://github.com/macrozheng/mall/issues/970
Product product
https://github.com/macrozheng/mall/
Scores
CVSS v3
4.7
EPSS
0.0022
EPSS Percentile
12.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
CWE-285
Status
published
Products (4)
macrozheng/mall
1.0.0
macrozheng/mall
1.0.1
macrozheng/mall
1.0.2
macrozheng/mall
1.0.3
Published
May 29, 2026
Tracked Since
May 29, 2026