CVE-2026-5328

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions shsuishang modulithshop versions prior to 829bac71f507e84684c782b9b062b8bf3b5585d6

Description A weakness exists in shsuishang modulithshop. Manipulation of the sidx/sort argument in the listItem function within the ProductIndexServiceImpl.java file of the ProductItemDao Interface component can lead to SQL injection. This attack can be performed remotely, and an exploit is publicly available.

Recommendations Apply patch 42bcb9463425d1be906c3b290cf29885eb5a2324.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2026-5328

Affected Products

Modulithshop

CVE-2026-5328

Weakness Enumeration

Related Identifiers

Affected Products

References · 9