CVE-2025-15496

Name of the Vulnerable Software and Affected Versions guchengwuyue yshopmall versions up to 1.9.1

Description A flaw exists in the getPage function within the /api/jobs file that allows for SQL injection through manipulation of the sort argument. This issue can be exploited remotely. The exploit is publicly available. The project maintainers were notified but have not yet responded.

Recommendations Versions up to 1.9.1 should be updated when a fix becomes available. As a temporary workaround, restrict access to the /api/jobs file or disable the getPage function until a patch is available.