CVE-2025-15496 | guchengwuyue yshopmall up to 1.9.1 /api/jobs getPage sort sql injection

A vulnerability has been found in guchengwuyue yshopmall up to 1.9.1 and classified as critical. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection.

This vulnerability appears as CVE-2025-15496. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More