4 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the /wx/goods/list endpoint in the front-end WeChat API. An attacker can access, modify, or delete sensitive data by sending specially crafted input to the API endpoint. Remediation There is no fixed version for...
EUVD-2025-32190
Malicious code in bioql PyPI...
CVE-2025-56162
YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw'fieldgoodsid, ...', allowing attackers to: a enumerate or modify database data, including dumping admin password...
PT-2025-40400
Name of the Vulnerable Software and Affected Versions YOSHOP version 2.0 Description The software is susceptible to an unauthenticated SQL injection through the goodsIds parameter of the /api/goods/listByIds API endpoint. The getListByIds function improperly concatenates user-supplied input into ...