Jjjfood

**Name of the Vulnerable Software and Affected Versions** jjjfood and jjjshop food versions up to 20260103 **Description** A flaw exists in jjjfood and jjjshop food that allows for SQL injection. The issue is located in unknown code within the file '/index.php/api/product.category/index'. Manipulation of the `latitude` argument can trigger the injection. The attack can be performed remotely. The exploit has been publicly disclosed. There is evidence of increased targeting of jiujiujia and other vendors related to this issue. **Recommendations** Versions up to 20260103 should be updated. As a temporary workaround, restrict or disable access to the `/index.php/api/product.category/index` endpoint. Avoid using the `latitude` parameter in the affected API endpoint until the issue is resolved.