5 matches found
EUVD-2026-5803
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
The CVE-2026-2146 affects guchengwuyue yshopmall up to version 1.9.1. It targets the updateAvatar function in co.yixiang.utils.FileUtil, where manipulating the File argument enables unrestricted remote upload. An exploit has been publicly released; the project was informed of the issue but has no...
PT-2026-6973
Name of the Vulnerable Software and Affected Versions guchengwuyue yshopmall versions up to 1.9.1 Description A security flaw exists in guchengwuyue yshopmall up to version 1.9.1. The issue is related to unrestricted upload, stemming from manipulation of the File argument within the updateAvatar...
CVE-2025-15496 guchengwuyue yshopmall jobs getPage sql injection
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...
yshopmall SQL注入漏洞
yshopmall is a mall system by guchengwuyue individual developer. A SQL injection vulnerability exists in yshopmall 1.9.0 and earlier versions, which stems from a SQL injection issue...