LOW🇵🇱 Wersja polska

CVE-2024-11619

CVSS 2.3v4.0pub. 2024-11-22upd. 2025-09-04

A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Instead the issue posted on GitHub got deleted without any explanation.

CVSS Vector
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Macrozheng Mall

    APP
    Macrozheng
    ≤ 1.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-25858CRITICAL9.3PL ✓ten sam produkt

Macrozheng Mall – nieuwierzytelnione przejęcie konta przez ujawnienie OTP

CVE-2025-9514MEDIUM6.3ten sam produkt

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the compone...

CVE-2025-8755MEDIUM5.5ten sam produkt

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the...

CVE-2025-8742MEDIUM6.3ten sam produkt

A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue i...

CVE-2025-15118LOW2.1ten sam produkt

W macrozheng mall do wersji 1.0.3 wykryto lukę bezpieczeństwa dotyczącą nieznanego kodu w pliku /member/addres...