Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
shsuishang modulithshop ProductItemDao ProductIndexServiceImpl.java listItem sql injection
Vulnerability Description
A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing a manipulation of the argument sidx/sort can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This patch is called 42bcb9463425d1be906c3b290cf29885eb5a2324. A patch should be applied to remediate this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
ModulithShop SQL注入漏洞
Vulnerability Description
ModulithShop是Shopsuite个人开发者的一个在线商城系统。 modulithshop存在SQL注入漏洞,该漏洞源于组件ProductItemDao Interface的文件src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java中函数listItem对参数sidx/sort的操作不当,可能导致SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A