Xinze

Name of the Vulnerable Software and Affected Versions shsuishang modulithshop versions prior to 829bac71f507e84684c782b9b062b8bf3b5585d6 Description A weakness exists in shsuishang modulithshop. Manipulation of the `sidx/sort` argument in the `listItem` function within the `ProductIndexServiceImpl.java` file of the `ProductItemDao Interface` component can lead to SQL injection. This attack can be performed remotely, and an exploit is publicly available. Recommendations Apply patch 42bcb9463425d1be906c3b290cf29885eb5a2324.