A vulnerability classified as critical was found in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Manipulating the argument sortField can lead to SQL injection.

This vulnerability is tracked as CVE-2026-7060. The attack can be launched remotely. Moreover, an exploit is present.

This product does not use versioning, so information about affected and unaffected releases is unavailable. Applying a patch is advised to resolve this issue.

The project was informed of the problem early through a pull request but has not reacted yet.
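
One way to close this class of bug, as an added example that is not yu-picture's code or its patch: column names in ORDER BY cannot be bound as query parameters, so the client-supplied sortField is resolved through a server-side allow-list and never copied into the SQL text. The class name, sort keys, column names and the "ascend" value are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Optional;

// Added example: not code from yu-picture. Sort keys and column names are hypothetical.
public class SortFieldGuard {

    // Allow-list: client-facing sort key -> fixed column name controlled by the server.
    private static final Map<String, String> SORTABLE = Map.of(
            "createTime", "create_time",
            "editTime", "edit_time",
            "picSize", "pic_size",
            "name", "name");

    /** Returns the column for a requested sort key, or empty when the key is not allow-listed. */
    static Optional<String> resolveColumn(String sortField) {
        if (sortField == null || sortField.isBlank()) {
            return Optional.empty();
        }
        // Exact-match lookup only: the client's string itself is never used as SQL.
        return Optional.ofNullable(SORTABLE.get(sortField.trim()));
    }

    /** Only the literal "ascend" (assumed value) sorts ascending; anything else is descending. */
    static boolean isAscending(String sortOrder) {
        return "ascend".equals(sortOrder);
    }

    /** Builds the ORDER BY fragment from server-side constants, or "" when no valid sort was requested. */
    static String orderByClause(String sortField, String sortOrder) {
        return resolveColumn(sortField)
                .map(col -> " ORDER BY " + col + (isAscending(sortOrder) ? " ASC" : " DESC"))
                .orElse("");
    }

    public static void main(String[] args) {
        // Constructed inputs: one allow-listed key, one value that is not a plain sort key.
        System.out.println("[" + orderByClause("createTime", "ascend") + "]");
        System.out.println("[" + orderByClause("create_time, (select 1)", "ascend") + "]");
        // With MyBatis-Plus, the resolved column would be handed to the wrapper instead, e.g.
        // resolveColumn(f).ifPresent(c -> wrapper.orderBy(true, isAscending(o), c));
    }
}
```

A stricter variant rejects the request when sortField is present but not allow-listed, which also makes probing visible in application logs.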