macrozheng mall-swarm Improper Authorization Vulnerability in Read History Deletion
Vulnerability
An improper authorization (broken object-level authorization, commonly called IDOR) vulnerability has been identified in macrozheng mall-swarm versions through 1.0.3. The delete function behind the /member/readHistory/delete endpoint accepts a list of record ids in the ids parameter and removes the matching read history entries without checking that each entry belongs to the authenticated member. Any logged-in member can therefore supply another member's record ids and delete that member's read history. The endpoint is reachable over the network, so the flaw can be exploited remotely by any user who holds a valid session.
Impact
Exploitation lets an authenticated member delete the read history entries of arbitrary other members, bypassing the per-user access control the endpoint is meant to enforce and compromising the integrity of stored user data. Record ids are all an attacker needs; no cooperation from the victim is required.
Reproduction
To reproduce this vulnerability, log in as an ordinary member (the attacker), delete one of your own read history entries through the application, and capture the resulting request to /member/readHistory/delete with an intercepting proxy. Replay the request with the ids parameter changed to contain the id of a read history record that belongs to a different member (for example, one created under a second test account). The server deletes the other member's record even though the request carries the attacker's session, which confirms that ownership of the supplied ids is not checked. When verifying a fix, confirm that the patched endpoint ignores or rejects ids that do not belong to the requesting member, and that the member identity used for the check is taken from the authenticated session rather than from any request parameter.
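The following is an added example, written for this page rather than taken from mall-swarm, that shows the unchecked delete described above beside one way to harden it: scoping the deletion to the requesting member's id. The class and field names (ReadHistoryDeleteDemo, ReadHistory, ReadHistoryStore, memberId), the member ids 1001 and 1002, and the record ids are assumptions constructed for the demonstration; the derived query name mentioned in the comments is likewise illustrative and not the project's repository method.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Self-contained illustration of the flaw and one way to fix it. ReadHistory,
// ReadHistoryStore and the member/record ids below are assumptions made for this
// example; they are not mall-swarm's own classes or data.
public class ReadHistoryDeleteDemo {

    // A read-history record, keyed by its record id and owned by one member.
    static final class ReadHistory {
        final String id;
        final long memberId;
        ReadHistory(String id, long memberId) { this.id = id; this.memberId = memberId; }
    }

    static final class ReadHistoryStore {
        private final Map<String, ReadHistory> rows = new ConcurrentHashMap<>();

        void save(ReadHistory h) { rows.put(h.id, h); }
        boolean exists(String id) { return rows.containsKey(id); }

        // VULNERABLE: deletes every id in the list. The requesting member's identity
        // never enters the operation, which is the behaviour the advisory describes.
        int deleteByIds(List<String> ids) {
            int deleted = 0;
            for (String id : ids) {
                if (rows.remove(id) != null) deleted++;
            }
            return deleted;
        }

        // HARDENED: the owner is part of the delete predicate, so ids that belong to
        // other members are ignored rather than removed. Against a real database this
        // becomes a single statement conditioned on both id and owner (for example
        // "DELETE ... WHERE id IN (...) AND member_id = ?", or a Spring Data derived
        // query along the lines of deleteByMemberIdAndIdIn; assumed name), so the
        // ownership check cannot be separated from the delete.
        int deleteByIdsForMember(List<String> ids, long requestingMemberId) {
            int deleted = 0;
            for (String id : ids) {
                ReadHistory h = rows.get(id);
                // remove(key, value) only removes if the mapping is still h (atomic).
                if (h != null && h.memberId == requestingMemberId && rows.remove(id, h)) deleted++;
            }
            return deleted;
        }
    }

    // Constructed scenario: member 1001 (attacker) and member 1002 (victim), one record each.
    static ReadHistoryStore seededStore() {
        ReadHistoryStore store = new ReadHistoryStore();
        store.save(new ReadHistory("rh-attacker-1", 1001L));
        store.save(new ReadHistory("rh-victim-1", 1002L));
        return store;
    }

    // The attacker (member 1001) sends ids=rh-victim-1, a record owned by member 1002.
    static final long ATTACKER = 1001L;
    static final List<String> CROSS_MEMBER_IDS = List.of("rh-victim-1");

    // Returns true when the vulnerable path deletes the victim's record.
    static boolean vulnerableDeletesOtherMembersRecord() {
        ReadHistoryStore store = seededStore();
        store.deleteByIds(CROSS_MEMBER_IDS);
        return !store.exists("rh-victim-1");
    }

    // Returns true when the hardened path leaves the victim's record in place
    // while still letting the attacker delete a record they own.
    static boolean hardenedBlocksOtherMembersRecord() {
        ReadHistoryStore store = seededStore();
        int crossDeleted = store.deleteByIdsForMember(CROSS_MEMBER_IDS, ATTACKER);
        int ownDeleted = store.deleteByIdsForMember(List.of("rh-attacker-1"), ATTACKER);
        return crossDeleted == 0 && store.exists("rh-victim-1")
                && ownDeleted == 1 && !store.exists("rh-attacker-1");
    }

    public static void main(String[] args) {
        System.out.println("vulnerable delete removed victim's record: " + vulnerableDeletesOtherMembersRecord());
        System.out.println("hardened delete ignored victim's record:   " + hardenedBlocksOtherMembersRecord());
    }
}
```

Save as ReadHistoryDeleteDemo.java, compile with javac and run with java (Java 9 or later for List.of). The important design point is where requestingMemberId comes from: it must be resolved server-side from the authenticated principal (session or token), never read from the request body or query string, otherwise a fix that merely adds a memberId parameter remains bypassable.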
