Primary

Context

Jihai Jshop MiniProgram Mall SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Jihai Jshop MiniProgram Mall System version 2.9.0. The issue arises in the file '/index.php/api.html', where the 'cat_id' parameter can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.

Reproduction

The vulnerability can be reproduced by sending a request to '/index.php/api.html' with a crafted 'cat_id' parameter that includes SQL injection payloads. This can be done using tools like SQLMap, which automates the process of finding and exploiting SQL injection vulnerabilities.

Added: Dec 8, 2025, 6:21 PM

Updated: Dec 8, 2025, 6:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jihai Jshop MiniProgram Mall SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating