CVE-2025-15582

high

Published 2026-02-20 · Modified 2026-04-29

CVSS v3

8.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2

5.5

VIR risk

8.1

Description

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Predictions

Exploit likelihood

88%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/detronetdip/E-commerce/issues/23

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/Nixon-H/Ecommerce-IDOR-Product-Manipulation

Application impact

Vendor	Product	Versions	Fixed
detronetdip	e-commerce	`1.0.0`

References

CWEs

CWE-285 CWE-639

Verify integrity in audit chain (admin only). AS-IS.