CVE-2026-0843

Name of the Vulnerable Software and Affected Versions jjjfood and jjjshop food versions up to 20260103

Description A flaw exists in jjjfood and jjjshop food that allows for SQL injection. The issue is located in unknown code within the file '/index.php/api/product.category/index'. Manipulation of the latitude argument can trigger the injection. The attack can be performed remotely. The exploit has been publicly disclosed. There is evidence of increased targeting of jiujiujia and other vendors related to this issue.

Recommendations Versions up to 20260103 should be updated. As a temporary workaround, restrict or disable access to the /index.php/api/product.category/index endpoint. Avoid using the latitude parameter in the affected API endpoint until the issue is resolved.