CVE-2025-4119

MEDIUM Year: 2025
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-266
View all →

Vulnerability Description

A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2019-14819

HIGH
CVSS:7.5(High)

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the u...

CWE-2662019

CVE-2021-47241

HIGH
CVSS:7.5(High)

In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for. This may result in ...

CWE-2662021

CVE-2022-3436

HIGH
CVSS:7.5(High)

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the ...

CWE-2662022

CVE-2022-4280

HIGH
CVSS:7.5(High)

A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The mani...

CWE-2662022

CVE-2023-5077

HIGH
CVSS:7.5(High)

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.

CWE-2662023

CVE-2024-23794

HIGH
CVSS:7.5(High)

An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access t...

CWE-2662024