CVE-2026-0843 | jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food up to 20260103 index latitude sql injection

A vulnerability was found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103 and classified as critical. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-0843. The attack can be launched remotely. Moreover, an exploit is present.

This product is distributed under multiple different names. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-0843 | jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food up to 20260103 index latitude sql injection

Post correlati

CVE-2025-25370 | realme GT 5.0 Setting information disclosure

CVE-2025-11665 | D-Link DAP-2695 2.00RC131 Firmware Update rgbin fwupdater_main os command injection

CVE-2025-59053 | moeru-ai airi 0.7.2-beta.2 MarkdownRenderer.vue highlightTagToHtml cross site scripting (GHSA-9832-f8jx-hw6f)

CVE-2024-33273 | shipup up to 3.2.x getShopID sql injection