guchengwuyue yshopmall jobs getPage sql injection_CVE-2025-15496

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2025-15496

Source VulDB

Published Jan 9, 2026 at 17:02

Modified Jan 9, 2026 at 18:36

Affected Product

Vendor guchengwuyue

Product yshopmall

Version 1.9.0

Affected Versions guchengwuyue yshopmall 1.9.0
guchengwuyue yshopmall 1.9.1

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-01-09T17:02:12.054Z",
    "modified": "2026-01-09T18:36:47.236Z",
    "type": "cve",
    "title": "guchengwuyue yshopmall jobs getPage sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.340274\nhttps://vuldb.com/?ctiid.340274\nhttps://vuldb.com/?submit.726464\nhttps://github.com/guchengwuyue/yshopmall/issues/39\nhttps://github.com/guchengwuyue/yshopmall/issues/39#issue-3769727898",
    "id": "CVE-2025-15496",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "guchengwuyue yshopmall 1.9.0\nguchengwuyue yshopmall 1.9.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "yshopmall",
    "version": "1.9.0",
    "vendor": "guchengwuyue",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}