34 matches found
CVE-2025-15085
A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper...
CVE-2025-15085
CVE-2025-15085 affects youlaitech youlai-mall versions 1.0.0–2.0.0 in the Balance Handler component. The issue resides in the function deductBalance inside mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java, causing improper authorization. The description st...
youlai-mall authorization issue vulnerability
youlai-mall is an open-source full-stack mall system by youlaitech. An authorization issue vulnerability exists in youlai-mall versions 1.0.0 and 2.0.0, which stems from the Balance Handler component file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/ The function deductBalance in...
PT-2025-53408
Name of the Vulnerable Software and Affected Versions: youlaitech youlai-mall versions 1.0.0 through 2.0.0. Description: A security flaw exists in youlaitech youlai-mall. The issue involves improper authorization within the Balance Handler component. Specifically, the deductBalance function, located...
youlai-mall access control error vulnerability
youlai-mall is an open-source full-stack mall system by youlaitech. An access control error vulnerability exists in youlai-mall versions 1.0.0 and 2.0.0, which originates from the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController. The function getMemberByMobil...
EUVD-2025-24050
Malicious code in bioql PyPI...
CVE-2025-8755
A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...
CVE-2025-8755 macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization
A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...
CVE-2025-0410
A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname leads to SQL injection. The attack can be...
CSZ CMS SQL injection vulnerability
CSZ CMS is a PHP-based open-source content management system (CMS). A SQL injection vulnerability exists in CSZ CMS 1.2.9, which can be exploited by attackers via cszcms/controllers/Member.php...
HDCMS content management system spacecontroller.class.php parameter username SQL injection vulnerability
0x01 Vulnerability overview: The HDCMS content management system has a SQL injection vulnerability in the username parameter of the file spacecontroller.class.php. 0x02 Vulnerability details: member/controller/spacecontroller.class.php public function init // username if $username = Q'username' $uid = M'user'-where"username='$username'"-getField'uid'; goU"index", array'uid' = $uid; $this-uid = Q'uid', 0, 'intval...
YXcms 1.2.8: two arbitrary file deletions that allow a reinstall
Brief description: 1.2.8 Details: one location has no filtering, and the other filters incorrectly. First location: /protected/apps/member/controller/inforController.php public function index $auth=$this-auth; $id=$auth'id'; if!$this-isPost $info=model'members'-find"id='$id'"; $this-info=$info; $this-path=ROOT.'https://images.seebug.org/upload/member/image/';...
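A horizontal privilege vulnerability in ShopEx
Brief description: A horizontal privilege vulnerability in ShopEx. Details: First, let's look at the source code of the file where the problem occurs: the file core/shop/controller/ctl.member.php ...... line 1026 // delete the shipping address function delRec$addrId $oMem = &$this-system-loadModel'member/member'; if$oMem-delRec$addrId $this-redirect'member','receiver'; $this-output;...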