55 matches found
CVE-2026-38808
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
CVE-2026-38808
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
PT-2026-44049
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
CVE-2026-38808
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
CVE-2026-38808
CVE-2026-38808 is a SQL Injection vulnerability affecting uzy-ssm-mall v1.1.0. The issue is reachable via the ProductMapper.xml and OrderUtil.java components, enabling a remote attacker to obtain sensitive information. The CVSS 3.1 vector indicates network access, low attack complexity, no privil...
CVE-2026-38808
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
CVE-2025-60833
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60833
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
CVE-2025-60833
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
uzy-ssm-mall 安全漏洞
uzy-ssm-mall yuzu cloud e-commerce is an SSM framework by ghostxbh individual developer for building e-commerce, bookstore malls, customer management, and more. A security vulnerability exists in uzy-ssm-mall version 1.1.0, which stems from improper fastjson deserialization and could lead to the...
uzy-ssm-mall 安全漏洞
uzy-ssm-mall yuzu cloud e-commerce is an SSM framework by ghostxbh individual developer for building e-commerce, bookstore malls, customer management, and so on. A security vulnerability exists in uzy-ssm-mall version 1.1.0, which stems from the presence of XML external entity references in the...
EUVD-2025-33165
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
PT-2025-41266
Name of the Vulnerable Software and Affected Versions uzy-ssm-mall version 1.1.0 Description The /mall/wxpay/pay component contains a flaw that allows attackers to execute arbitrary code by providing specially crafted XML data. This is due to an XML External Entity XXE issue. Recommendations At t...
CVE-2025-60833
An XML External Entity XXE vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
EUVD-2025-33164
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60833
CVE-2025-60833 (uzy-ssm-mall v1.1.0) : An XML External Entity (XXE) flaw in the /mall/wxpay/pay component allows an attacker to execute arbitrary code by supplying crafted XML data. Root cause: XXE in the XML parsing path. Affected software is uzy-ssm-mall v1.1.0; document does not provide a fixe...