@old6ma
Created December 20, 2025 05:28
Detailed description for CVE-2025-66736
[CVE ID]
CVE-2025-66736
[Product]
youlai-mall
[Version]
before Release v3.2.0
[Vulnerability Type]
CWE-284: Improper Access Control
CWE-862: Missing Authorization
[Description]
Youlai-mall before Release v3.2.0 is vulnerable to improper access control. We discovered one vulnerable interface.
The main function of the API is to import user data into the database. However, neither this interface function nor its callee functions perform permission checks for the current user. This could allow any user to import user data into the database, which may lead to issues such as polluting the database or creating illegal users.
We have reported this vulnerability to the developer and received confirmation from them. The developer has also made subsequent fixes to the vulnerability.
[Reference]
The vulnerability: https://gitee.com/youlaiorg/youlai-boot/issues/ICH8FV
Project URL: https://gitee.com/youlaiorg/youlai-boot
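
A defender-side check for this bug class, as an added example that is not part of the original advisory or the youlai-mall code base: a heuristic audit that lists handler methods carrying a mapping annotation but no authorization annotation. It assumes a Spring MVC style controller with annotation-based authorization; the controller source, paths and authority strings are constructed for illustration, and permission checks written inside callee code would not be seen by it.

```python
import re

# Constructed sample controller; names and paths are hypothetical,
# not taken from the youlai-mall source.
SAMPLE = '''
@RestController
@RequestMapping("/api/v1/users")
public class UserController {

    @GetMapping("/page")
    @PreAuthorize("hasAuthority('sys:user:query')")
    public Object page() { return null; }

    @PostMapping("/import")
    public Object importUsers(MultipartFile file) { return null; }

    @DeleteMapping("/{id}")
    @PreAuthorize("hasAuthority('sys:user:delete')")
    public Object delete(Long id) { return null; }
}
'''

MAPPING = re.compile(r'@(Get|Post|Put|Delete|Patch|Request)Mapping\b')
AUTHZ = re.compile(r'@(PreAuthorize|Secured|RolesAllowed)\b')
METHOD = re.compile(r'\s*(?:public|protected|private)\s+[\w<>\[\], ?]+\s+(\w+)\s*\(')

def unguarded_handlers(source):
    """Return (mapping_annotation, method_name) for every handler method
    that has a mapping annotation but no authorization annotation."""
    findings, pending, class_guarded = [], [], False
    for line in source.splitlines():
        stripped = line.strip()
        if stripped.startswith('@'):
            pending.append(stripped)          # annotation for the next declaration
        elif re.search(r'\bclass\s+\w+', stripped):
            # A class-level authorization annotation covers all its handlers.
            class_guarded = any(AUTHZ.match(a) for a in pending)
            pending = []
        elif (m := METHOD.match(line)):
            mapping = next((a for a in pending if MAPPING.match(a)), None)
            guarded = class_guarded or any(AUTHZ.match(a) for a in pending)
            if mapping and not guarded:
                findings.append((mapping, m.group(1)))
            pending = []
    return findings

if __name__ == '__main__':
    for mapping, name in unguarded_handlers(SAMPLE):
        print(f'no authorization annotation: {name} {mapping}')
```

Each finding is a candidate for manual review, since a handler may be intentionally public or protected by a filter or URL rule elsewhere in the configuration.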