Is PHP affected by EUVD-2026-14339?

Organizations using MacCMS should be aware of moderate risk from CVE-2026-4563 rated CVSS 4.3. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

EUVD-2026-14339

| CVE-2026-4563 MEDIUM

2026-03-23 [email protected]

GHSA-3f5x-pcjq-3pww

4.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 23, 2026 - 00:22 vuln.today

EUVD ID Assigned

Mar 23, 2026 - 00:22 euvd

EUVD-2026-14339

CVE Published

Mar 23, 2026 - 00:16 nvd

MEDIUM 4.3

Description

A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument order_id causes authorization bypass. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

Analysis

An authorization bypass vulnerability exists in MacCMS up to version 2025.1000.4052 within the Member Order Detail Interface component, specifically in the order_info function of application/index/controller/User.php. An authenticated attacker can manipulate the order_id parameter to access order information belonging to other users, disclosing sensitive data. …

Remediation

Within 30 days: Identify affected systems running MacCMS and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +22

POC: 0

EUVD-2026-14339 vulnerability details – vuln.today

Back

EUVD-2026-14339

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-14339

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code