55 matches found
CVE-2026-38808
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
CVE-2026-38808
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
CVE-2026-38808
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
CVE-2026-38808
CVE-2026-38808 is a SQL Injection vulnerability affecting uzy-ssm-mall v1.1.0. The issue is reachable via the ProductMapper.xml and OrderUtil.java components, enabling a remote attacker to obtain sensitive information. The CVSS 3.1 vector indicates network access, low attack complexity, no privil...
CVE-2026-38808
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
PT-2026-44049
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
CVE-2025-60833
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60833
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
CVE-2025-60833
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
uzy-ssm-mall 安全漏洞
uzy-ssm-mall yuzu cloud e-commerce is an SSM framework by ghostxbh individual developer for building e-commerce, bookstore malls, customer management, and more. A security vulnerability exists in uzy-ssm-mall version 1.1.0, which stems from improper fastjson deserialization and could lead to the...
uzy-ssm-mall 安全漏洞
uzy-ssm-mall yuzu cloud e-commerce is an SSM framework by ghostxbh individual developer for building e-commerce, bookstore malls, customer management, and so on. A security vulnerability exists in uzy-ssm-mall version 1.1.0, which stems from the presence of XML external entity references in the...
PT-2025-41266
Name of the Vulnerable Software and Affected Versions uzy-ssm-mall version 1.1.0 Description The /mall/wxpay/pay component contains a flaw that allows attackers to execute arbitrary code by providing specially crafted XML data. This is due to an XML External Entity XXE issue. Recommendations At t...
CVE-2025-60833
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
EUVD-2025-33164
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60834
The CVE-2025-60834 issue affects uzy-ssm-mall v1.1.0 and is caused by a fastjson deserialization flaw that allows arbitrary code execution when processing crafted input. Public references across NVD/Red Hat/CNNVD/CIRCL/CVE lists confirm the same description; exploitation status is not detailed in...
CVE-2025-60833
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...