Guchengwuyue Yshopmall

4 CVEs affecting Guchengwuyue Yshopmall. Latest disclosed: 2026-02-08. Critical: 1, High: 1.

Top CVEs affecting Guchengwuyue Yshopmall
CVESeverityScorePublishedSummary
CVE-2024-50648Critical9.82024-11-15yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.
CVE-2025-25426High7.22025-03-04yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.
CVE-2026-2146Medium6.32026-02-08A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the co…
CVE-2025-15496Medium6.32026-01-09A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument…