11 matches found
CVE-2025-15084
A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...
EUVD-2025-205383
A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...
CVE-2025-15084
A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...
CVE-2025-15084 youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control
A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...
CVE-2025-15084
CVE-2025-15084 affects youlaitech youlai-mall versions 1.0.0–2.0.0, specifically the Order Payment Handler’s OrderController.payOrder in mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/. The root cause is improper access controls in the orderService.payOrder function, enabling ...
EUVD-2022-52307
Malicious code in bioql PyPI...
EUVD-2025-30834
Malicious code in bioql PyPI...
CVE-2024-8083
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /php-ocls/classes/Master.php?f=payorder. The manipulation of the argument id leads to sql injection. The attac...
Merchandise Online Store SQL Injection Vulnerability (CNVD-2022-40279)
Merchandise Online Store is a merchandise online store system. A security vulnerability exists in Merchandise Online Store, which can be exploited by attackers to conduct SQL injection attacks via /vloggersmerch/classes/Master.php?f=payorder...
Merchandise Online Store SQL注入漏洞
Merchandise Online Store is a merchandise online store system. A security vulnerability exists in Merchandise Online Store, which can be exploited by attackers to conduct SQL injection attacks via /vloggersmerch/classes/Master.php?f=payorder...
CmsEasy最新版5.5 存储型XSS导致GetShell
简要描述: n处XSS,我不信都插完打不到cookie,get不了shell -.- 详细说明: 第一处(只代码审计第一处,后面几处类似。都是没有过滤): function loginfalse cookie::set'loginfalse',int cookie::get'loginfalse'+1,time+3600; event::log'loginfalse','失败 user='.front::post'username'; front::flashlang'登陆失败!'."".lang'backuppage'."";...