CNNVD-202512-4762 Information

CNNVD ID

CNNVD-202512-4762

Related CVE

CVE-2025-15085

• CNNVD Published: 2025-12-25

Description (Chinese)

youlai-mall是youlaitech开源的一个全栈商城系统。 youlai-mall 1.0.0版本和2.0.0版本存在授权问题漏洞，该漏洞源于Balance Handler组件文件mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java中函数deductBalance存在授权不当。

Description (English)

Youlai-mall is an all-storey mall system from the open source of youlaitech. There is a mandate gap in versions 1.0.0 and 2.0.0 of yourlai-mall, which stems from the inappropriate authorization of the character Balance in the Balance Handler component file mall-ums/ums-boot/src/main/java/com/youulai/mall/ums/controller/app/MemberController.java.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

youlaitech

Published

2025-12-25

Last Modified

2026-02-24

References

https://vuldb.com/?submit.708175 https://github.com/Hwwg/cve/issues/26 https://vuldb.com/?ctiid.338413 https://vuldb.com/?id.338413 https://access.redhat.com/security/cve/cve-2025-15085