VYPR

yshopmall

by yshopmall

CVEs (2)

  • CVE-2024-50648CriNov 15, 2024
    risk 0.64cvss 9.8epss 0.01

    yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.

  • CVE-2025-25426HigMar 4, 2025
    risk 0.47cvss 7.2epss 0.00

    yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.