macrozheng Mall-Tiny Incorrect Access Control Vulnerability in Logout Function

Vulnerability

A vulnerability exists in macrozheng mall-tiny version 1.0.1, related to improper access control in the logout function. After a user logs out, their token remains active and can still retrieve information as if the user were logged in.

Impact

Exploitation of this vulnerability allows for session fixation, where a logged-out user's token can be used to access information as if they were still logged in.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

macrozheng Mall-Tiny Incorrect Access Control Vulnerability in Logout Function

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating