Key Information Summary

1. Vulnerability Impact
Affected Versions: mall-swarm <= v1.0.3
Link: https://github.com/mall-swarm/mall-swarm

2. Vulnerability Location
API Path:

3. Code Analysis
Problematic Code:
Code Issue: The parameter is directly used to query the order without validation to ensure the order belongs to the current user.

4. Correct Implementation Example
Validation Example Code:

5. Vulnerability Reproduction
Attack Method: An attacker can send a GET request to with an that does not belong to them, thereby retrieving order details of other users.

6. Impact Description
Risk: Attackers can access other users' order details without authorization, leading to broken access control and exposure of sensitive information.
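
The ownership check that item 4 calls for, shown next to the unchecked lookup described in item 3. This is an added example, not code from the original page or from the mall-swarm project; every class, method and field name, and the in-memory sample data, are hypothetical.

```java
import java.util.Map;
import java.util.Optional;

// Added illustration. All names here are hypothetical, not mall-swarm identifiers.
public class OrderAccessExample {
    record Order(long id, long memberId, String receiverAddress) {}

    static class OrderNotFoundException extends RuntimeException {
        OrderNotFoundException(long id) { super("order " + id + " not found"); }
    }

    // Constructed sample data: order 1001 belongs to member 1, order 1002 to member 2.
    static final Map<Long, Order> ORDERS = Map.of(
        1001L, new Order(1001L, 1L, "constructed address A"),
        1002L, new Order(1002L, 2L, "constructed address B"));

    // Pattern from item 3: the order is looked up by id alone, so any
    // authenticated caller receives whatever order the id points at.
    static Order detailUnchecked(long orderId) {
        return Optional.ofNullable(ORDERS.get(orderId))
            .orElseThrow(() -> new OrderNotFoundException(orderId));
    }

    // Hardened lookup: the order must exist AND belong to the caller.
    // currentMemberId must come from the authenticated session or token,
    // never from a request parameter. A foreign order yields the same
    // error as a missing one, so the response does not confirm which ids exist.
    static Order detailForMember(long orderId, long currentMemberId) {
        return Optional.ofNullable(ORDERS.get(orderId))
            .filter(o -> o.memberId() == currentMemberId)
            .orElseThrow(() -> new OrderNotFoundException(orderId));
    }

    public static void main(String[] args) {
        long currentMemberId = 1L; // assumption: resolved from the login session

        // Unchecked path: member 1 asks for an order owned by member 2.
        System.out.println("unchecked: " + detailUnchecked(1002L));

        // Checked path: the caller's own order is served.
        System.out.println("checked:   " + detailForMember(1001L, currentMemberId));

        // Checked path: another member's order is refused.
        try {
            detailForMember(1002L, currentMemberId);
        } catch (OrderNotFoundException e) {
            System.out.println("denied:    " + e.getMessage());
        }
    }
}
```

In a database-backed service the same rule is usually enforced in the query itself, by filtering on both the order id and the owner id, so that no code path can load an order without the ownership condition.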