Youlai

Youlai-mall

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-3287

Exploit
  • EPSS 0.03%
  • Veröffentlicht 27.02.2026 04:02:43
  • Zuletzt bearbeitet 02.03.2026 15:22:38

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagi...

5.3

CVE-2025-15087

Exploit
  • EPSS 0.05%
  • Veröffentlicht 25.12.2025 21:02:07
  • Zuletzt bearbeitet 26.02.2026 17:22:44

A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of th...

4.3

CVE-2025-15086

Exploit
  • EPSS 0.04%
  • Veröffentlicht 25.12.2025 20:32:06
  • Zuletzt bearbeitet 31.12.2025 20:02:13

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper ...

8.1

CVE-2025-15085

Exploit
  • EPSS 0.04%
  • Veröffentlicht 25.12.2025 19:32:08
  • Zuletzt bearbeitet 31.12.2025 20:02:01

A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. ...

3.1

CVE-2025-15084

Exploit
  • EPSS 0.05%
  • Veröffentlicht 25.12.2025 18:32:05
  • Zuletzt bearbeitet 31.12.2025 19:50:53

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Orde...

8.8

CVE-2025-14086

Exploit
  • EPSS 0.05%
  • Veröffentlicht 05.12.2025 14:02:08
  • Zuletzt bearbeitet 10.12.2025 23:18:13

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely...

8.8

CVE-2025-14085

Exploit
  • EPSS 0.06%
  • Veröffentlicht 05.12.2025 14:02:05
  • Zuletzt bearbeitet 10.12.2025 23:21:08

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exp...

6.5

CVE-2025-14052

Exploit
  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 00:15:48
  • Zuletzt bearbeitet 10.12.2025 23:29:30

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls....

8.8

CVE-2025-14051

Exploit
  • EPSS 0.08%
  • Veröffentlicht 04.12.2025 22:32:06
  • Zuletzt bearbeitet 10.12.2025 21:37:19

A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified varia...