CVE-2026-15186

medium

Description

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor deleted the GitHub issue for this vulnerability without any explanation.

References

https://vuldb.com/vuln/377112/cti

https://vuldb.com/vuln/377112

https://vuldb.com/submit/851347

https://vuldb.com/cve/CVE-2026-15186

https://github.com/macrozheng/mall/issues/977

https://github.com/macrozheng/mall/

Details

Source: Mitre, NVD

Published: 2026-07-09

Updated: 2026-07-09

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium