PT-2026-24843 · Xierongwkhd · Weimai-Wetapp

Zast.Ai · Published 2026-03-11 · Updated 2026-06-03 · CVE-2026-3956

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

xierongwkhd weimai-wetapp versions prior to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2

Description

A security issue exists in xierongwkhd weimai-wetapp. The getAdmins function within the file source-code/src/main/java/com/moke/wp/wx weimai/controller/admin/Admin AdminUserController.java is susceptible to SQL injection. Manipulating the keyword argument can trigger this issue. Remote exploitation is possible. The exploit is publicly available. The software utilizes a rolling release model, meaning specific version details for affected or updated releases are not provided. The project maintainers were notified of the problem but have not yet responded.

Recommendations

Versions prior to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2: As a temporary workaround, consider restricting access to the getAdmins function until a patch is available.

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2026-3956

Affected Products

Weimai-Wetapp