CNNVD-202510-1149 Information

CNNVD ID

CNNVD-202510-1149

Related CVE

CVE-2025-60833

• CNNVD Published: 2025-10-08

Description (Chinese)

uzy-ssm-mall（柚子云电子商城）是ghostxbh个人开发者的一个SSM框架，用于打造电子商城，书店商城，客户管理等。 uzy-ssm-mall 1.1.0版本存在安全漏洞，该漏洞源于/mall/wxpay/pay组件存在XML外部实体引用，可能导致执行任意代码。

Description (English)

uzy-ssm-mall (City of E-Cities of Graffles) is a SSM framework for goostxbh personal developers to build e-Cities, bookshops, customer management, etc. There is a security loophole in version uzy-ssm-mall 1.1.0, which originates from the presence of an XML external entity in the /mall/wxpay/pay component, which may lead to the implementation of any code.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-10-08

Last Modified

2026-02-24

References

https://gist.github.com/ChangeYourWay/1364b9e78490ebd5cd31bcdc105a914f https://github.com/ChangeYourWay/post/blob/main/uzy-ssm-mall.md https://access.redhat.com/security/cve/cve-2025-60833