CNNVD-202602-1219 Information

CNNVD ID

CNNVD-202602-1219

Related CVE

CVE-2026-2146

• CNNVD Published: 2026-02-08

Description (Chinese)

yshopmall是guchengwuyue个人开发者的一个商城系统。 yshopmall 1.9.1及之前版本存在代码问题漏洞，该漏洞源于对文件/api/users/updateAvatar中参数File的错误操作，可能导致任意文件上传。

Description (English)

Yshopmall is a mall system of guchengwuyue personal developers. Yshopmall 1.9.1 and previous versions had a code problem loophole, which stemmed from an erroneous operation on File, the parameter in file/api/user/updateAvatar, which could lead to any upload.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2026-02-08

Last Modified

2026-02-24

References

https://github.com/guchengwuyue/yshopmall/ https://github.com/guchengwuyue/yshopmall/issues/40 https://vuldb.com/?id.344848 https://github.com/guchengwuyue/yshopmall/issues/40#issue-3860542812 https://vuldb.com/?submit.747409 https://vuldb.com/?ctiid.344848 https://access.redhat.com/security/cve/cve-2026-2146