CVE-2025-4119 – Weitong Mall Product Statistics Handler Improper Access Controls

April 30, 2025

CVE ID : CVE-2025-4119

Published : April 30, 2025, 2:15 p.m. | 2 hours, 42 minutes ago

Description : A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27134 – Joplin Privilege Escalation Vulnerability

Next Article CVE-2025-4121 – Netgear JWNR2000v2 Command Injection Vulnerability

Highlights

CVE-2025-4542 – Freeebird Hotel Cross-Domain Policy Vulnerability

May 11, 2025

CVE ID : CVE-2025-4542

Published : May 11, 2025, 6:15 p.m. | 2 hours, 14 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

The 5 gadgets that got me through marathons and obstacle races (and why they work)

This beastly 500W charger replaced every other charger I had – with six ports to boot

Mac Mini won’t power on? Apple will fix it for you – for free

Why I’m switching to VS Code. Hint: It’s all about AI tool integration

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

Building Construction suppliers in India

Neutralinojs v6.1 released

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Windows 11 test builds are accidentally playing the Windows Vista startup sound

Leaked: ROG Xbox Ally and Xbox Ally X pre-orders set for August, launch in October

CVE-2025-4119 – Weitong Mall Product Statistics Handler Improper Access Controls

⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More

46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks

How to Install DeepSeek on Ubuntu 24.04 (Locally)

Don’t pay full price for Xbox storage! The best 2TB expansion card for Series X|S is enjoying a massive discount at Amazon

CVE-2025-5356 – FreeFloat FTP Server BYE Command Handler Buffer Overflow Vulnerability

THUDM Releases GLM 4: A 32B Parameter Model Competing Head-to-Head with GPT-4o and DeepSeek-V3

CVE-2025-4542 – Freeebird Hotel Cross-Domain Policy Vulnerability

CVE-2025-27818 – Apache Kafka LdapLoginModule Deserialization Vulnerability

CVE-2025-5631 – Content Management System and News-Buzz SQL Injection Vulnerability

Google fixes actively exploited FreeType flaw on Android

CVE-2025-4119 – Weitong Mall Product Statistics Handler Improper Access Controls

Related Posts