CNNVD-202512-595 Information
Dec 05, 2025
cve
CNNVD ID
CNNVD-202512-595
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
youlai-mall是youlaitech开源的一个全栈商城系统。 youlai-mall 1.0.0版本和2.0.0版本存在访问控制错误漏洞,该漏洞源于对文件/mall-ums/app-api/v1/members中参数memberId的错误操作,可能导致访问控制不当。
Description (English)
Youlai-mall is an all-storey mall system from the open source of youlaitech. Youlai-mall Versions 1.0.0 and 2.0.0 have access control bugs, which stem from the error in the application of the parameter memberId in the document/mall-ums/app-api/v1/members, which may lead to inappropriate access controls.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
youlaitech
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/Hwwg/cve/issues/21 https://vuldb.com/?ctiid.334368 https://vuldb.com/?id.334368 https://vuldb.com/?submit.694854
Share on: