A significant vulnerability has been identified in Macrozheng Mall versions up to 1.0.3. This vulnerability resides in the UmsMemberController.java file, where improper handling of the orderId argument can lead to unauthorized access to user functions. The flaw is exploitable remotely, posing a substantial risk to users. Although early disclosure attempts were made to the vendor regarding this issue, no response has been received. The potential for exploitation has been acknowledged publicly, necessitating immediate attention and remediation.
https://securityvulnerability.io/vulner ... -2025-8755