CNNVD-202601-3910 Information

Jan 22, 2026 cve

CNNVD ID

CNNVD-202601-3910

CVE-2026-23959

  • CNNVD Published: 2026-01-22

Description (Chinese)

CoreShop是CoreShop开源的一个电子商务系统。 CoreShop 4.1.9之前版本存在安全漏洞,该漏洞源于CustomerTransformerController中用户输入被不当内插到SQL查询,可能导致SQL注入和数据泄露。

Description (English)

CoreShop is an e-commerce system open to CoreShop. The previous version of CoreShop 4.1.9 had a security loophole, which stemmed from the improper interpolation of user input into SQL in CustomerTransmerController, which could lead to SQL injection and data leakage.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

CoreShop

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/coreshop/CoreShop/commit/af80b8f5c7df5f02f44e9c5e0a4a564de274eec2 https://github.com/coreshop/CoreShop/releases/tag/4.1.9 https://github.com/coreshop/CoreShop/security/advisories/GHSA-fqcv-8859-86x2

Patch

https://www.coreshop.com/en

Share on: