
5 matches found

OSV
added 2025/12/25 9:15 p.m., 1 view

CVE-2025-15087

A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00043
Exploits: 1, References: 4

Cvelist
added 2025/12/25 6:32 p.m., 21 views

CVE-2025-15084 youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

CVSS: 3.1, EPSS: 0.00043
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-47537

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00078
Exploits: 1, References: 4

CNNVD
added 2024/07/02 12:0 a.m., 1 view

Carsale SQL Injection Vulnerability

Carsale is a Hitout open source automobile sales management system. Hitout Carsale version 1.0 has a SQL injection vulnerability that stems from the orderBy parameter in the file OrderController.java, which can lead to SQL injection...

CVSS: 6.5, AI score: 7.9, EPSS: 0.00078
Exploits: 1, References: 5

Veracode
added 2024/04/04 7:3 a.m., 18 views

Insecure Direct Object Reference (IDOR)

bagisto/bagisto is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient validation of the invoice ID parameter in the print function within OrderController.php. This flaw allows an attacker to retrieve sensitive information, resulting in Information...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00149
Exploits: 1, References: 3, Affected Software: 1