massive PII leakage for ███████
Team Summary
Official summary from Mars
The report identifies a security vulnerability in the ███████ visitor management system (mwcvisitor.royalcanin.com.cn). The vulnerability exposes an access log file containing personally identifiable information (PII) of users. The log file is directly accessible at a public URL with no authentication requirement, so anyone who knows the URL can read the sensitive personal data it contains. This is an instance of CWE-922 (Insecure Storage of Sensitive Information): the sensitive data is stored where no access control protects it. The vulnerability was confirmed and subsequently resolved by the Mars team; the site was closed at the end of 2024 and the endpoint is no longer accessible.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insecure Storage of Sensitive Information