CVE-2025-15496 | guchengwuyue yshopmall up to 1.9.1 /api/jobs getPage sort sql injection

Inserito da Angelo Barbosa | Gen 9, 2026 | CVE

A vulnerability has been found in guchengwuyue yshopmall up to 1.9.1 and classified as critical. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection.

This vulnerability appears as CVE-2025-15496. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15496 | guchengwuyue yshopmall up to 1.9.1 /api/jobs getPage sort sql injection

Post correlati

CVE-2024-39362 | Linux Kernel up to 6.1.94/6.6.33/6.9.4 fs/kernfs/dir.c acpi_bind_one stack-based overflow

CVE-2024-0007 | Palo Alto Networks PAN-OS/Prisma Access/Cloud NGFW Web Interface cross site scripting

CVE-2024-56939 | LearnDash 6.7.1 ld-comment-body Class cross site scripting

CVE-2024-40718 | Veeam Backup for Nutanix AHV server-side request forgery (kb4649)