
Youlaitech Youlai-Mall vulnerabilities

9 known vulnerabilities affecting youlaitech/youlai-mall.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 3, LOW 1

Vulnerabilities

CVE-2025-14085 | P2 | HIGH | CVSS 8.8 | v1.0.0, v2.0.0 | 2025-12-05
CVE-2025-14085 [HIGH] CWE-913: A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The
nvd
CVE-2025-14086 | P3 | HIGH | CVSS 8.8 | v1.0.0, v2.0.0 | 2025-12-05
CVE-2025-14086 [HIGH] CWE-266: A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosu
nvd
CVE-2025-14051 | P3 | HIGH | CVSS 8.8 | v1.0.0, v2.0.0 | 2025-12-04
CVE-2025-14051 [HIGH] CWE-913: A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor w
nvd
CVE-2026-3287 | P3 | CRITICAL | CVSS 9.8 | v2.0.0 | 2026-02-27
CVE-2026-3287 [CRITICAL] CWE-74: A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of the argument sortField/sort results in SQL injection. Re
nvd
CVE-2025-15085 | P3 | HIGH | CVSS 8.1 | v1.0.0, v2.0.0 | 2025-12-25
CVE-2025-15085 [HIGH] CWE-266: A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit ha
nvd
CVE-2025-14052 | P3 | MEDIUM | CVSS 6.5 | v1.0.0, v2.0.0 | 2025-12-05
CVE-2025-14052 [MEDIUM] CWE-266: A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and
nvd
CVE-2025-15086 | P4 | MEDIUM | CVSS 4.3 | v1.0.0, v2.0.0 | 2025-12-25
CVE-2025-15086 [MEDIUM] CWE-266: A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the pub
nvd
CVE-2025-15087 | P4 | MEDIUM | CVSS 4.3 | v1.0.0, v2.0.0 | 2025-12-25
CVE-2025-15087 [MEDIUM] CWE-266: A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorization. The attack may be launched remotely. The exploit
nvd
CVE-2025-15084 | P4 | LOW | CVSS 3.1 | v1.0.0, v2.0.0 | 2025-12-25
CVE-2025-15084 [LOW] CWE-266: A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls. The attack can be initiated remot
nvd