5 matches found
CVE-2025-15087
A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper...
youlai-mall authorization issue vulnerability
youlai-mall is an open-source full-stack mall system by youlaitech. An authorization issue vulnerability exists in youlai-mall versions 1.0.0 and 2.0.0, which originates from the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java, function submitOrderPayment...
Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection
The plugin does not validate data when it is output to a CSV file, which could lead to CSV injection. - Submit an order using =5+5 as "first name" and an empty "last name"; the plugin allows that. - Export the data as CSV from Reports Export. - Open the CSV with a spreadsheet application Excel, Libre...
SMS Bombing Vulnerability in Air China's Android Client
The Air China Android client is an airplane flight inquiry service application. An SMS bombing vulnerability exists in the Air China Android client - Zhiyin Mall at the order submission. An attacker can replay this interface for SMS bombing, which constitutes system resource consumption...
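Multiple SQL injection vulnerabilities in PHPSHE
Brief description: Detailed description: I found this a long time ago and it still has not been fixed. In the PHPSHE mall system, when a user submits an order, there are SQL injections in multiple places in the shipping information, with echoed output, and administrator account information can be obtained directly. File module/index/order.php: //@ Add order @// case 'add': $cartinfo = cartinfounserialize$ccartlist; $infolist = $cartinfo'list'; $money = $cartinfo'money'; if isset$ppesubmit //!count$infolist && peerror'购物车商品为空'; $order =...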