Key Information

1. Vulnerability Impact

mall-swarm <= 1.0.3 (latest version)
Repository link: mall-swarm

2. Vulnerability Location

API Path:

3. Code Analysis

The code accepts only as a parameter, but does not verify whether the order belongs to the currently logged-in user.

4. Vulnerability Reproduction

An attacker can exploit this vulnerability by sending a POST request to the endpoint containing an order ID belonging to another user.

Example:

5. Impact Description

This vulnerability allows an attacker to manipulate the parameter to cancel orders on behalf of other users, resulting in unauthorized order cancellation and violation of access control.
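
The missing ownership check described above, shown beside a hardened form. This is an added example, not mall-swarm's code: the class, method and field names, the status constants and the sample order and member IDs are all hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical, simplified in-memory model; no name here comes from mall-swarm.
public class OrderCancelCheck {
    static final int STATUS_OPEN = 0, STATUS_CANCELLED = 4; // constructed values

    static class Order {
        final long id;
        final long memberId; // owner of the order
        int status = STATUS_OPEN;
        Order(long id, long memberId) { this.id = id; this.memberId = memberId; }
    }

    private final Map<Long, Order> orders = new HashMap<>();

    void add(Order o) { orders.put(o.id, o); }

    // Pattern the advisory describes: the order is selected by ID alone,
    // so any authenticated caller can cancel any open order.
    boolean cancelUnchecked(long orderId) {
        Order o = orders.get(orderId);
        if (o == null || o.status != STATUS_OPEN) return false;
        o.status = STATUS_CANCELLED;
        return true;
    }

    // Hardened form: the member ID is taken from the authenticated session,
    // never from the request, and is part of the lookup condition.
    boolean cancelOwned(long orderId, long sessionMemberId) {
        Order o = orders.get(orderId);
        // "Not found" and "not yours" return the same result, so the
        // response does not confirm which order IDs exist.
        if (o == null || o.memberId != sessionMemberId || o.status != STATUS_OPEN) return false;
        o.status = STATUS_CANCELLED;
        return true;
    }

    public static void main(String[] args) {
        OrderCancelCheck svc = new OrderCancelCheck();
        svc.add(new Order(1001L, 7L)); // constructed sample: both orders belong to member 7
        svc.add(new Order(1002L, 7L));
        long otherMember = 8L;         // a different logged-in member
        System.out.println("unchecked, member 8 on order 1001: " + svc.cancelUnchecked(1001L));
        System.out.println("owned, member 8 on order 1002: " + svc.cancelOwned(1002L, otherMember));
        System.out.println("owned, member 7 on order 1002: " + svc.cancelOwned(1002L, 7L));
    }
}
```

In a database-backed service the same condition belongs in the update statement itself (order ID and member ID together in the WHERE clause), so the ownership check and the state change cannot be separated.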