Lucene search
K

55 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.18 views

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

5.3CVSS5.9AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 6:16 p.m.14 views

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

5.3CVSS0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44049

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

5.9AI score0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 12:0 a.m.41 views

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 12:0 a.m.19 views

CVE-2026-38808

CVE-2026-38808 is a SQL Injection vulnerability affecting uzy-ssm-mall v1.1.0. The issue is reachable via the ProductMapper.xml and OrderUtil.java components, enabling a remote attacker to obtain sensitive information. The CVSS 3.1 vector indicates network access, low attack complexity, no privil...

5.3CVSS5.9AI score0.00288EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:0 a.m.6 views

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

5.9AI score0.00288EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/09 12:14 a.m.12 views

CVE-2025-60833

An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

6.5CVSS7.9AI score0.00328EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/09 12:14 a.m.9 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

6.5CVSS7.8AI score0.00336EPSS
Exploits1References1
NVD
NVD
added 2025/10/08 3:16 p.m.6 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

6.5CVSS0.00336EPSS
Exploits1References2
OSV
OSV
added 2025/10/08 3:16 p.m.4 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

6.5CVSS6.1AI score0.00336EPSS
Exploits1References2
OSV
OSV
added 2025/10/08 2:15 p.m.4 views

CVE-2025-60833

An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

6.5CVSS6.1AI score0.00328EPSS
Exploits1References2
NVD
NVD
added 2025/10/08 2:15 p.m.10 views

CVE-2025-60833

An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

6.5CVSS0.00328EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.7 views

uzy-ssm-mall 安全漏洞

uzy-ssm-mall yuzu cloud e-commerce is an SSM framework by ghostxbh individual developer for building e-commerce, bookstore malls, customer management, and more. A security vulnerability exists in uzy-ssm-mall version 1.1.0, which stems from improper fastjson deserialization and could lead to the...

6.5CVSS7AI score0.00336EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.5 views

uzy-ssm-mall 安全漏洞

uzy-ssm-mall yuzu cloud e-commerce is an SSM framework by ghostxbh individual developer for building e-commerce, bookstore malls, customer management, and so on. A security vulnerability exists in uzy-ssm-mall version 1.1.0, which stems from the presence of XML external entity references in the...

6.5CVSS7AI score0.00328EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/08 12:0 a.m.4 views

EUVD-2025-33165

An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

6.5CVSS7.4AI score0.00328EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.5 views

PT-2025-41266

Name of the Vulnerable Software and Affected Versions uzy-ssm-mall version 1.1.0 Description The /mall/wxpay/pay component contains a flaw that allows attackers to execute arbitrary code by providing specially crafted XML data. This is due to an XML External Entity XXE issue. Recommendations At t...

6.5CVSS7.4AI score0.00328EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/10/08 12:0 a.m.5 views

CVE-2025-60833

An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...

7.6AI score0.00328EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/10/08 12:0 a.m.3 views

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

7.5AI score0.00336EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/08 12:0 a.m.5 views

EUVD-2025-33164

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...

6.5CVSS7.3AI score0.00336EPSS
Exploits1References3
CVE
CVE
added 2025/10/08 12:0 a.m.16 views

CVE-2025-60833

CVE-2025-60833 (uzy-ssm-mall v1.1.0) : An XML External Entity (XXE) flaw in the /mall/wxpay/pay component allows an attacker to execute arbitrary code by supplying crafted XML data. Root cause: XXE in the XML parsing path. Affected software is uzy-ssm-mall v1.1.0; document does not provide a fixe...

6.5CVSS7.6AI score0.00328EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder