CVE-2025-15086 | youlaitech youlai-mall 1.0.0/2.0.0 MemberController.java getMemberByMobile access control

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. It has been classified as critical. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls.

This vulnerability appears as CVE-2025-15086. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15086 | youlaitech youlai-mall 1.0.0/2.0.0 MemberController.java getMemberByMobile access control

Post correlati

CVE-2025-22322 | Private Messages for UserPro Plugin up to 4.10.0 on WordPress cross site scripting

CVE-2024-4839 | parisneo lollms-webui up to 9.6 XTTS Service cross-site request forgery

CVE-2024-6345 | pypa setuptools up to 69.1.1 package_index code injection

CVE-2024-7231 | Avast Cleanup Premium link following (ZDI-24-1001)