SQL Injection Vulnerability in Ghostxbh Uzy-ssm-mall by Ghostxbh
CVE-2025-3559
Key Information:
- Vendor
- Ghostxbh
- Status
- Uzy-ssm-mall
- Vendor
- CVE Published:
- 14 April 2025
Badges
Summary
A significant SQL injection vulnerability exists in the Ghostxbh uzy-ssm-mall version 1.0.0 within the ForeProductListController function. The flaw arises from improper handling of the 'orderBy' argument, allowing an attacker to manipulate queries, potentially exposing sensitive data. This issue can be exploited remotely, making it a critical concern for users of the affected product. The vendor has been notified of this vulnerability but has not provided any response.
Affected Version(s)
uzy-ssm-mall 1.0.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved