jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection_CVE-2026-0843

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under multiple different names. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-0843

Source VulDB

Published Jan 11, 2026 at 09:02

Affected Product

Vendor jiujiujia

Product jjjfood

Version 20260103

Affected Versions jiujiujia jjjfood 20260103
jiujiujia jjjshop_food 20260103
victor123 jjjfood 20260103
victor123 jjjshop_food 20260103
wxw850227 jjjfood 20260103
wxw850227 jjjshop_food 20260103

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under multiple different names. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-01-11T09:02:05.907Z",
    "modified": "2026-01-11T09:02:05.907Z",
    "type": "cve",
    "title": "jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.340443\nhttps://vuldb.com/?ctiid.340443\nhttps://vuldb.com/?submit.731001\nhttp://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/1/vuldb/JJJshop/EnglishVers%E4%B8%89%E5%8B%BE%E7%82%B9%E9%A4%90%E7%B3%BB%E7%BB%9FPHP%E7%89%88%E5%AD%98%E5%9C%A8product.category.indexSQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.pdf",
    "id": "CVE-2026-0843",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "jiujiujia jjjfood 20260103\njiujiujia jjjshop_food 20260103\nvictor123 jjjfood 20260103\nvictor123 jjjshop_food 20260103\nwxw850227 jjjfood 20260103\nwxw850227 jjjshop_food 20260103",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jjjfood",
    "version": "20260103",
    "vendor": "jiujiujia",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}