2 matches found
CVE-2025-2952
CVE-2025-2952 : Bluestar Micro Mall 1.0 contains a vulnerability in the API endpoint /api/api.php?mod=upload&type=1 where manipulating the File parameter leads to unrestricted file upload. The issue is exploitable remotely and the exploit has been disclosed publicly, enabling potential remote com...
CVE-2025-2951
Bluestar Micro Mall 1.0 is affected by an SQL injection vulnerability in an unknown function of /api/data.php accessed via the Search parameter. The issue can be exploited remotely, and the exploit has been disclosed publicly. Credible sources (NVD, Red Hat, CIRCL, CVE records) consistently descr...