SQL Injection Flaw in uzy-ssm-mall Product by Unknown Vendor
CVE-2026-38808
Currently unrated
What is CVE-2026-38808?
The SQL Injection vulnerability in the uzy-ssm-mall product version 1.1.0 enables remote attackers to execute arbitrary SQL commands. These commands can be leveraged to retrieve sensitive information from the system, compromising data integrity and user confidentiality. The attack can be executed through the ProductMapper.xml and /OrderUtil.java components, highlighting the necessity for immediate remediation to safeguard affected systems.
