17 matches found
CVE-2025-15084
A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...
CVE-2025-15087
CVE-2025-15087 affects youlaitech youlai-mall versions 1.0.0–2.0.0. The vulnerability is in OrderController.java, submitOrderPayment, where manipulating the orderSn argument leads to improper authorization. Exploit has been publicly disclosed; remote exploitation is possible, with exploit maturit...
EUVD-2025-205394
A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper...
CVE-2025-15084
A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...
CVE-2025-15084 youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control
A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...
CVE-2025-15084
CVE-2025-15084 affects youlaitech youlai-mall versions 1.0.0–2.0.0, specifically the Order Payment Handler’s OrderController.payOrder in mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/. The root cause is improper access controls in the orderService.payOrder function, enabling ...
youlai-mall Access Control Error Vulnerability
youlai-mall is an open-source full-stack mall system from youlaitech. youlai-mall versions 1.0.0 and 2.0.0 contain an access control error vulnerability. The vulnerability stems from the Order Payment Handler component file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/ The functio...
CVE-2024-6438
A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
PT-2024-37625 · Unknown · Hitout Carsale
Name of the Vulnerable Software and Affected Versions: Hitout Carsale version 1.0 Description: A critical issue has been discovered, affecting the OrderController.java file. The manipulation of the orderBy argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For...
CVE-2024-24323
SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component...
PT-2024-20358 · Linlinjava · Litemall
Name of the Vulnerable Software and Affected Versions: linlinjava litemall version 1.8.0 Description: The issue allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component. This is a SQL...
PT-2023-16855 · Unknown · Sul1Ss Shop
Name of the Vulnerable Software and Affected Versions: SUL1SS shop affected versions not specified Description: A critical issue has been found in SUL1SS shop, affecting the file applicationmerchcontrollerOrder.php. The manipulation of the keyword argument leads to SQL injection. The attack can b...
OIC Exponent CMS Input Validation Error Vulnerability
OIC Exponent CMS is a free, open source, modular content management system (CMS) based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...
SQL Injection Vulnerability in OrderController.class.php in ShopsN 2.0 Official Frontend
ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd: an enterprise-class, full-featured, open source online store system that is free for commercial use. The front-end OrderController.class.php of the ShopsN 2.0 official version has a SQL injection...
SQL Injection Vulnerability in ShopsN v2.0 Frontend OrderController.class.php File
ShopsN is a free, open source e-commerce system. The front-end OrderController.class.php file of the ShopsN v2.0 official version has a SQL injection vulnerability because the system fails to effectively filter the addrdel function. A remote attacker can exploit the vulnerability to obtain sensitive informatio...
SQL Injection Vulnerability in ShopsN v2.0 Frontend OrderController.class.php File
ShopsN is a free, open source e-commerce system. The front-end OrderController.class.php file of the ShopsN v2.0 official version has a SQL injection vulnerability. The vulnerability exists because the system fails to effectively filter the data submitted by the user. An attacker can exploit this vulnerability ...
OIC Exponent CMS Information Disclosure Vulnerability
OIC Exponent CMS is a free, open source, modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. An information disclosure...