CVE-2026-4563

MacCMS Member Order Detail User.php order_info authorization

Title source: cna

Description

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument order_id causes authorization bypass. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

References (4)

[Vdb Entry, Technical Description] https://vuldb.com/?id.352400

[Signature, Permissions Required] https://vuldb.com/?ctiid.352400

[Third Party Advisory] https://vuldb.com/?submit.775050

[Exploit] https://github.com/HuajiHD/CVE/issues/10

Details

CWE

CWE-285 CWE-639

Status published

Products (1)

n/a/MacCMS < 2025.1000.4052

Published Mar 22, 2026

Tracked Since Mar 23, 2026