CNNVD-202512-4756 Information

CNNVD ID

CNNVD-202512-4756

Related CVE

CVE-2025-15087

• CNNVD Published: 2025-12-25

Description (Chinese)

youlai-mall是youlaitech开源的一个全栈商城系统。 youlai-mall 1.0.0版本和2.0.0版本存在授权问题漏洞，该漏洞源于文件mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java中函数submitOrderPayment对参数orderSn的错误操作导致授权不当。

Description (English)

Youlai-mall is an all-storey mall system from the open source of youlaitech. There is a mandate gap in yourlai-mall Versions 1.0.0 and 2.0.0, which stems from the misperformation of the document mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java function submit OrderPayment to parameter orderSn.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

youlaitech

Published

2025-12-25

Last Modified

2026-02-24

References

https://github.com/Hwwg/cve/issues/30 https://vuldb.com/?submit.708180 https://vuldb.com/?ctiid.338415 https://vuldb.com/?id.338415 https://access.redhat.com/security/cve/cve-2025-15087