CVE-2025-15084 | youlaitech youlai-mall 1.0.0/2.0.0 Order Payment OrderController.java orderService.payOrder access control

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0 and classified as critical. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls.

This vulnerability is documented as CVE-2025-15084. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15084 | youlaitech youlai-mall 1.0.0/2.0.0 Order Payment OrderController.java orderService.payOrder access control

Post correlati

CVE-2024-8580 | TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 /etc/shadow.sample hard-coded password

CVE-2023-53815 | Linux Kernel up to 5.10.187/5.15.120/6.1.38/6.3.12/6.4.3 itimer_delete infinite loop

CVE-2025-1847 | zj1983 zz up to 2024-8 improper authorization

CVE-2024-52542 | Dell AppSync 4.6.0.x symlink (dsa-2024-496)