Youlaitech Youlai-Mall Improper Access Control Vulnerability in Member ID Management

Vulnerability

A vulnerability exists in Youlaitech Youlai-Mall versions 1.0.0 and 2.0.0, in the 'getMemberById' function behind the '/mall-ums/app-api/v1/members/' endpoint. The handler authenticates the caller but does not check that the 'memberId' path parameter refers to the caller's own account, so any authenticated user can read other members' WeChat openid simply by substituting another member's ID (an insecure direct object reference). The issue can be exploited remotely and has been publicly disclosed. The vendor was notified prior to this disclosure but did not respond.

Impact

Exploitation discloses other members' WeChat openid to any authenticated user. Because an openid is a stable identifier for a WeChat account within the application, iterating 'memberId' values enables account enumeration and profiling of the member base. The missing object-level authorization check violates data ownership principles and can put the operator out of compliance with privacy regulations.

Reproduction

To reproduce this vulnerability, log in as any ordinary user to obtain a valid authorization token. Then send an authenticated GET request to '/mall-ums/app-api/v1/members/{memberId}/openid', replacing '{memberId}' with another user's member ID. The response includes the WeChat openid of the member with that ID rather than the caller's own, because the server never verifies that the requested ID belongs to the token's owner.
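The access-control failure and its fix, modelled as an added example. This is not Youlai-Mall's own code (the project is Java/Spring); the handlers are written in Python so the check can be run stand-alone. The tokens, member IDs and openid strings are constructed sample data, and the function names are assumptions for illustration only. The vulnerable handler trusts the path parameter after authenticating the token; the hardened one binds the lookup to the caller's own member ID and answers 403 otherwise. The probe function replays the reproduction step above against either handler.

```python
"""Model of the members/{memberId}/openid IDOR and its object-level fix.

Constructed example: tokens, member IDs and openid values are made up,
and the handlers are illustrative rather than Youlai-Mall's code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Member:
    member_id: int
    openid: str


# Constructed sample data: session token -> member id, and the member table.
SESSIONS = {"token-alice": 1, "token-bob": 2}
MEMBERS = {
    1: Member(1, "oX1_alice_openid"),
    2: Member(2, "oX2_bob_openid"),
}


class HttpError(Exception):
    def __init__(self, status, reason):
        super().__init__(f"{status} {reason}")
        self.status = status


def authenticate(token):
    """Map a bearer token to the caller's member id, or raise 401."""
    try:
        return SESSIONS[token]
    except KeyError:
        raise HttpError(401, "invalid token") from None


def get_openid_vulnerable(token, member_id):
    """Pattern described in the advisory: the token is checked, but the
    memberId path parameter is trusted, so any logged-in user can read
    any member's openid."""
    authenticate(token)
    member = MEMBERS.get(member_id)
    if member is None:
        raise HttpError(404, "member not found")
    return member.openid


def get_openid_fixed(token, member_id):
    """Hardened form: object-level authorization. The requested id must be
    the authenticated caller's own id; otherwise refuse with 403 before
    the record is ever read."""
    caller_id = authenticate(token)
    if member_id != caller_id:
        raise HttpError(403, "memberId does not belong to caller")
    return MEMBERS[caller_id].openid


def idor_probe(handler, attacker_token, victim_id):
    """The reproduction step as a check: request another member's id with
    the attacker's own valid token. Returns the leaked openid, or None
    when the endpoint refuses (403) or the member does not exist (404)."""
    try:
        return handler(attacker_token, victim_id)
    except HttpError as e:
        if e.status in (403, 404):
            return None
        raise


if __name__ == "__main__":
    # Alice (member 1) asks for Bob's (member 2) openid against both handlers.
    for name, handler in (("vulnerable", get_openid_vulnerable),
                          ("fixed", get_openid_fixed)):
        leaked = idor_probe(handler, "token-alice", 2)
        print(f"{name}: {'LEAK ' + leaked if leaked else 'refused'}")
```

The safest API shape for self-scoped data is to take no member ID at all (for example a 'members/me/openid' style route that derives the ID from the token); where a cross-member lookup is legitimately needed, it should sit behind an explicit administrative role check rather than the caller-supplied ID alone.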

Added: Dec 5, 2025, 12:17 AM
Updated: Dec 5, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  6.6
remediation     0.0
relevance       1.2
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.