📦 Yshopmall

yshopmall V1.0 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files, potentially leading to remote code execution (RCE) and server takeover if the server is ...

CVE-2025-25426 is an SQL injection vulnerability in yshopmall's image listing interface that allows attackers to execute arbitrary SQL commands. This affects all yshopmall installations running versio...

This vulnerability allows remote attackers to upload arbitrary files without restrictions through the updateAvatar function in guchengwuyue yshopmall. Attackers can exploit this to upload malicious fi...

This SQL injection vulnerability in guchengwuyue yshopmall allows attackers to manipulate database queries through the 'sort' parameter in the /api/jobs endpoint. Attackers can potentially read, modif...