{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-15496","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-01-09T11:42:29.007Z","datePublished":"2026-01-09T17:02:12.054Z","dateUpdated":"2026-02-23T08:26:36.154Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-23T08:26:36.154Z"},"title":"guchengwuyue yshopmall jobs getPage sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"guchengwuyue","product":"yshopmall","versions":[{"version":"1.9.0","status":"affected"},{"version":"1.9.1","status":"affected"}],"cpes":["cpe:2.3:a:guchengwuyue:yshopmall:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-01-09T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-01-09T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-01-23T11:23:52.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"mukyuuhate (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.340274","name":"VDB-340274 | guchengwuyue yshopmall jobs getPage sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.340274","name":"VDB-340274 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.726464","name":"Submit #726464 | https://github.com/guchengwuyue/yshopmall yshopmall V1.9.1 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/guchengwuyue/yshopmall/issues/39","tags":["issue-tracking"]},{"url":"https://github.com/guchengwuyue/yshopmall/issues/39#issue-3769727898","tags":["exploit","issue-tracking"]},{"url":"https://github.com/guchengwuyue/yshopmall/","tags":["product"]}]},"adp":[{"references":[{"url":"https://github.com/guchengwuyue/yshopmall/issues/39","tags":["exploit"]},{"url":"https://github.com/guchengwuyue/yshopmall/issues/39#issue-3769727898","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-09T17:46:21.458368Z","id":"CVE-2025-15496","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-09T18:36:47.236Z"}}]}}