Yshopmall
Monthly
Unrestricted file upload in Yshopmall up to version 1.9.1 allows authenticated attackers to upload arbitrary files via manipulation of the updateAvatar function in the FileUtil component. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vendor has not yet released a patch despite early notification.
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. [CVSS 6.3 MEDIUM]
yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Unrestricted file upload in Yshopmall up to version 1.9.1 allows authenticated attackers to upload arbitrary files via manipulation of the updateAvatar function in the FileUtil component. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vendor has not yet released a patch despite early notification.
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. [CVSS 6.3 MEDIUM]
yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.