Guchengwuyue Yshopmall
By the Year
In 2026 there have been 2 vulnerabilities in Guchengwuyue Yshopmall with an average score of 6.3 out of ten. Last year, in 2025, Yshopmall had 1 security vulnerability published. That is, 1 more vulnerability has already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 6.30 |
| 2025 | 1 | 0.00 |
| 2024 | 1 | 0.00 |
It may take a day or so for new Yshopmall vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Guchengwuyue Yshopmall Security Vulnerabilities
Unrestricted File Upload in guchengwuyue yshopmall <=1.9.1 (FileUtil)
CVE-2026-2146
6.3 - Medium
- February 08, 2026
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Unrestricted File Upload
SQLi via sort in /api/jobs of Guchengwuyue YShopmall 1.9.1
CVE-2025-15496
6.3 - Medium
- January 09, 2026
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
SQL Injection
SQLi in Yshopmall <=1.9.0 image listing interface
CVE-2025-25426
- March 04, 2025
yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.
yshopmall V1.0 arbitrary file upload (RCE via JSP)
CVE-2024-50648
- November 15, 2024
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.