CVE-2026-5328 | shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6 ProductItemDao Interface ProductIndexServiceImpl.java listItem sidx/sort sql injection

A vulnerability labeled as critical has been found in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing a manipulation of the argument sidx/sort can lead to sql injection.

This vulnerability appears as CVE-2026-5328. The attack may be performed from remote. In addition, an exploit is available.

This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. A patch should be applied to remediate this issue.

CVE-2026-5328 | shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6 ProductItemDao Interface ProductIndexServiceImpl.java listItem sidx/sort sql injection

Post correlati

CVE-2025-15147 | WCFM Membership Plugin up to 2.11.8 on WordPress processing resource injection

CVE-2024-21978 | AMD EPYC Embedded 9003 SEV-SNP input validation

CVE-2024-8899 | Jeg Elementor Kit Plugin up to 2.6.9 on WordPress sg_content_template information disclosure

CVE-2024-32112 | Leadinfo Plugin up to 1.0 on WordPress cross-site request forgery