35 matches found
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146 guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146 guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
The CVE-2026-2146 affects guchengwuyue yshopmall up to version 1.9.1. It targets the updateAvatar function in co.yixiang.utils.FileUtil, where manipulating the File argument enables unrestricted remote upload. An exploit has been publicly released; the project was informed of the issue but has no...
EUVD-2026-5803
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
PT-2026-6973
Name of the Vulnerable Software and Affected Versions guchengwuyue yshopmall versions up to 1.9.1 Description A security flaw exists in guchengwuyue yshopmall up to version 1.9.1. The issue is related to unrestricted upload, stemming from manipulation of the File argument within the updateAvatar...
yshopmall 代码问题漏洞
yshopmall is a shopping system developed by Gucheng Wuyue as an individual developer. Versions of yshopmall 1.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of parameters in the /api/users/updateAvatar file, which may lead to arbitrary file uploads...
CVE-2025-15496
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...
CVE-2025-15496
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...
CVE-2025-15496
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...
CVE-2025-15496 guchengwuyue yshopmall jobs getPage sql injection
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...
CVE-2025-15496 guchengwuyue yshopmall jobs getPage sql injection
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...
CVE-2025-15496
The CVE-2025-15496 entry applies to guchengwuyue yshopmall up to version 1.9.1. The vulnerability is in the getPage function of /api/jobs, where manipulating the sort argument enables SQL injection. This can be triggered remotely, and the exploit has been publicly disclosed. Multiple connected so...
PT-2026-1775
Name of the Vulnerable Software and Affected Versions guchengwuyue yshopmall versions up to 1.9.1 Description A flaw exists in the getPage function within the /api/jobs file that allows for SQL injection through manipulation of the sort argument. This issue can be exploited remotely. The exploit ...
yshopmall 安全漏洞
yshopmall is a mall system by guchengwuyue personal developer. A security vulnerability exists in yshopmall 1.9.1 and earlier versions, which stems from the incorrect operation of the parameter sort in file/api/jobs, and may lead to SQL injection attacks...
EUVD-2025-6180
Malicious code in bioql PyPI...
CVE-2024-50648
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files...