Back to overview

CVE-2026-15909

MEDIUM
6.3
CVSS 3.1
Description
A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kd_cs leads to authorization bypass. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID
CVE-2026-15909
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-15 19:22 UTC
Published
2026-07-16 00:15 UTC
Last updated
2026-07-16 00:15 UTC
Primary CWE
CWE-639
Authorization Bypass
Vendor / Product
RafyMrX / TOKO-ONLINE-ROTI
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
RafyMrX TOKO-ONLINE-ROTI ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99
Weakness (CWE)
CWESourceDescription
CWE-285 cna Improper Authorization
CWE-639 cna Authorization Bypass
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.5 N/D 2.0 cna AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR
6.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
6.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
References (4)
Back to overview