CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3561 – ghostxbh uzy-ssm-mall cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-3561
14 Apr 2025 — A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.304602 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3560 – ghostxbh uzy-ssm-mall product cross site scripting
https://notcve.org/view.php?id=CVE-2025-3560
14 Apr 2025 — A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /product. The manipulation of the argument product_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.304601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3559 – ghostxbh uzy-ssm-mall 20 ForeProductListController sql injection
https://notcve.org/view.php?id=CVE-2025-3559
14 Apr 2025 — A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and classified as critical. This vulnerability affects the function ForeProductListController of the file /mall/product/0/20. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.304600 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3558 – ghostxbh uzy-ssm-mall uploadUserHeadImage unrestricted upload
https://notcve.org/view.php?id=CVE-2025-3558
14 Apr 2025 — A vulnerability, which was classified as critical, was found in ghostxbh uzy-ssm-mall 1.0.0. This affects an unknown part of the file /mall/user/uploadUserHeadImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.304599 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •