CVE-2026-0843

MEDIUM

jjjfood/jjjshop_food <20260103 - SQL Injection

Title source: llm

Description

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under multiple different names. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.340443

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.340443

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.731001

Various Sources exploit

http://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/1/vuldb/JJJshop/EnglishVers%E4%B8%89%E5%8B%BE%E7%82%B9%E9%A4%90%E7%B3%BB%E7%BB%9FPHP%E7%89%88%E5%AD%98%E5%9C%A8product.category.indexSQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.pdf

Scores

CVSS v3 6.3

EPSS 0.0020

EPSS Percentile 9.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (6)

jiujiujia/jjjfood 20260103

jiujiujia/jjjshop_food 20260103

victor123/jjjfood 20260103

victor123/jjjshop_food 20260103

wxw850227/jjjfood 20260103

wxw850227/jjjshop_food 20260103

Published Jan 11, 2026

Tracked Since Feb 18, 2026