Home

Description

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under multiple different names. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2026-01-10 | Published 2026-01-11 | Updated 2026-01-12 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

SQL Injection

Injection

Product status

20260103
affected

20260103
affected

20260103
affected

20260103
affected

20260103
affected

20260103
affected

Timeline

2026-01-10:Advisory disclosed
2026-01-10:VulDB entry created
2026-01-10:VulDB entry last update

Credits

BadKitty (VulDB User) reporter

References

vuldb.com/?id.340443 (VDB-340443 | jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection) vdb-entry technical-description

vuldb.com/?ctiid.340443 (VDB-340443 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.731001 (Submit #731001 | https://www.jiujiujia.net/ PHP-based Three-Dot Ordering System Vulnerable to SQL Injection lasest SQL Injection) third-party-advisory

101.200.76.102/...¨product.category.indexSQL注入æ¼æ´ž.pdf exploit

cve.org (CVE-2026-0843)

nvd.nist.gov (CVE-2026-0843)

Download JSON