Skip to main content
Loading…
    CVE-2023-36331 — Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId. — CVE Database · The Intelligence Room