CVE-2026-2146 guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

yshopmall 代码问题漏洞

yshopmall is a shopping system developed by Gucheng Wuyue as an individual developer. Versions of yshopmall 1.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of parameters in the /api/users/updateAvatar file, which may lead to arbitrary file uploads...