CVE-2026-3287 | youlaitech youlai-mall 2.0.0 App-side Product Pagination Endpoint SpuController.java listPagedSpuForApp sortField/sort sql injection

A vulnerability has been found in youlaitech youlai-mall 2.0.0 and classified as critical. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of the argument sortField/sort results in sql injection.

This vulnerability is known as CVE-2026-3287. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3287 | youlaitech youlai-mall 2.0.0 App-side Product Pagination Endpoint SpuController.java listPagedSpuForApp sortField/sort sql injection

Post correlati

CVE-2024-10410 | SourceCodester Online Hotel Reservation System 1.0 controller.php?action=add upload image unrestricted upload

CVE-2024-32556 | Nabil Lemsieh HurryTimer Plugin up to 2.9.2 on WordPress cross site scripting

CVE-2023-29134 | Cargo Extension up to 1.39.3 on MediaWiki Backticks Privilege Escalation

CVE-2025-11537 | Red Hat Keycloak HTTP Access Log log file