3 matches found
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2025-25426
yshopmall =v1.9.0 is vulnerable to SQL Injection in the image listing interface...
PT-2024-34375 · Yshopmall · Yshopmall
Name of the Vulnerable Software and Affected Versions: yshopmall version V1.0 Description: The issue is related to an arbitrary file upload vulnerability. This vulnerability can lead to remote code execution RCE or even server takeover when the server is improperly configured to parse JSP files...