提交 #695945: youlai-mall latest Improper Control of Resource Identifiers
| 标题 | youlai-mall latest Improper Control of Resource Identifiers |
|---|---|
| 描述 | youlai-mall improper access control and business logic flaw exposes openid→memberId mapping via GET /mall-ums/app-api/v1/members/openid/{openid} , enabling horizontal privilege escalation and unauthorized operations on victim accounts |
| 来源 | ⚠️ https:/ |
| 用户 | huangweigang (UID 88993) |
| 提交 | 2025-11-15 07時47分 (5 月前) |
| 管理 | 2025-12-05 09時35分 (20 days later) |
| 状态 | 已接受 |
| VulDB条目 | 334477 [youlaitech youlai-mall 1.0.0/2.0.0 openid 权限提升] |
| 积分 | 17 |