CVE-2025-60833

Medium CVSS: 6.5

An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data.

Vendor

Ghostxbh

Product

Uzy-ssm-mall

CWE

CWE-91

Yayın Tarihi

2025-10-08 14:15:46

Güncelleme

2025-10-10 16:16:13

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-91 Uzy-ssm-mall MEDIUM Ghostxbh 2025

Referanslar

https://gist.github.com/ChangeYourWay/1364b9e78490ebd5cd31bcdc105a914f https://github.com/ChangeYourWay/post/blob/main/uzy-ssm-mall.md

Benzer Kayıtlar

Medium

CVE-2025-60834

A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying…

Medium

CVE-2025-3561

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown…

Medium

CVE-2025-3560

A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown…

Medium

CVE-2025-3558

A vulnerability, which was classified as critical, was found in ghostxbh uzy-ssm-mall 1.0.0. This affects an unknown par…

Medium

CVE-2025-3559

A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and classified as critical. This vulnerability affects the…