CVE-2025-3559

CVSSv4: 5.3 | CVSSv3: 6.3 | CVSSv2: 6.5 | VMScore: 630 | EPSS: 0.00029 | KEV: Not Included
Published: 14/04/2025 Updated: 15/04/2025

Vulnerability Summary

SQL Injection in ghostxbh uzy-ssm-mall 1.0.0 via Manipulation of orderBy Argument

A critical vulnerability exists in ghostxbh uzy-ssm-mall version 1.0.0, in the ForeProductListController function reached at /mall/product/0/20. Manipulating the orderBy argument leads to SQL injection. The attack can be initiated remotely, and details of the exploit have been publicly disclosed. The vendor was notified about the vulnerability but did not respond.

Vulnerable Product

ghostxbh uzy-ssm-mall