CVE-2026-2146 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the com…
Medium CVSS: 5.3

CVE-2026-2146

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Vendor
Guchengwuyue
Product
Yshopmall
CWE
CWE-284
Yayın Tarihi
2026-02-08 10:15:49
Güncelleme
2026-02-17 19:07:15
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-284 Yshopmall MEDIUM Guchengwuyue 2026

Referanslar

https://github.com/guchengwuyue/yshopmall/ https://github.com/guchengwuyue/yshopmall/issues/40 https://github.com/guchengwuyue/yshopmall/issues/40#issue-3860542812 https://vuldb.com/?ctiid.344848 https://vuldb.com/?id.344848 https://vuldb.com/?submit.747409