3 matches found
CVE-2026-25993
EverShop (TypeScript-based eCommerce platform) is affected by a second-order SQL injection during category update/delete handling. The vulnerability stems from embedding path/request_path values, derived from the url_key stored in the database, into SQL statements via string concatenation that ar...
YzmCMS SQL Injection Vulnerability
YzmCMS is an open source CMS Content Management System developed by Chinese programmer Yuan Zhimeng. A SQL injection vulnerability exists in the \application\admin\controller\updateurls.class.php file in YzmCMS version 3.6. A remote attacker can exploit this vulnerability by sending a 'catids'...
CVE-2018-7579
\application\admin\controller\updateurls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/updateurls/updatecategoryurl.html...