Vulnerability Description
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Guchengwuyue | Yshopmall | <= 1.9.1 |
Related Weaknesses (CWE)
References
- https://github.com/guchengwuyue/yshopmall/
- https://github.com/guchengwuyue/yshopmall/issues/39ExploitIssue TrackingVendor Advisory
- https://github.com/guchengwuyue/yshopmall/issues/39#issue-3769727898ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.340274Permissions RequiredVDB Entry
- https://vuldb.com/?id.340274Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.726464Third Party AdvisoryVDB Entry
- https://github.com/guchengwuyue/yshopmall/issues/39ExploitIssue TrackingVendor Advisory
- https://github.com/guchengwuyue/yshopmall/issues/39#issue-3769727898ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2025-15496?
CVE-2025-15496 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack ma...
How severe is CVE-2025-15496?
CVE-2025-15496 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15496?
Check the references section above for vendor advisories and patch information. Affected products include: Guchengwuyue Yshopmall.