Vulnerabilities

CVE-2026-3287 - youlaitech youlai-mall App-side Product Pagination Endpoint SpuController.java li...

2026-02-27 0 views admin

CVE ID : CVE-2026-3287 Published : Feb. 27, 2026, 5:18 a.m. | 1 hour, 1 minute ago Description : A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of the argument sortField/sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-3287

Severity

MEDIUM

Published

Feb. 27, 2026

Affected Product: java

Impact: sql injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-3287mediumjava

CVE-2026-3287 - youlaitech youlai-mall App-side Product Pagination Endpoint SpuController.java li...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1442 - Unitree UPK files Hard-Coded Key

CVE-2026-1558 - WP Recipe Maker <= 10.3.2 - insecure direct object reference to unauthenticated a...

CVE-2026-28370 - OpenStack Vitrage Code Execution Vulnerability

CVE-2026-3292 - jizhiCMS Batch Model.php findAll sql injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting