Guchengwuyue Yshopmall vulnerabilities
4 known vulnerabilities affecting guchengwuyue/yshopmall.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2
Vulnerabilities
CVE-2026-2146 | P2 | HIGH | CVSS 8.8 | CWE-284 | ≤ 1.9.1, v1.9.0, +1 more | 2026-02-08
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been released t
nvd
CVE-2024-50648 | P3 | CRITICAL | CVSS 9.8 | CWE-22 | v1.0 | 2024-11-15
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.
nvd
CVE-2025-15496 | P3 | CRITICAL | CVSS 9.8 | CWE-74 | ≤ 1.9.1, v1.9.0, +1 more | 2026-01-09
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue r
nvd
CVE-2025-25426 | P3 | HIGH | CVSS 7.2 | CWE-89 | ≤ 1.9.0 | 2025-03-04
yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.
nvd