Yshopmall CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-15496	1 Guchengwuyue	1 Yshopmall	2026-01-12	6.3 Medium
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2024-50648	2 Guchengwuyue, Yshopmall	2 Yshopmall, Yshopmall	2025-06-17	9.8 Critical
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.
CVE-2025-25426	1 Guchengwuyue	1 Yshopmall	2025-06-12	7.2 High
yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.

Page 1 of 1.