CVE-2026-0843

MEDIUM 6.3

jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under multiple different names. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-89 CWE-74
Vendor	jiujiujia
Product	jjjfood
Published	Jan 11, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for jiujiujia jjjfood

Be the first to know when new medium vulnerabilities affecting jiujiujia jjjfood are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

jiujiujia / jjjfood

20260103

jiujiujia / jjjshop_food

20260103

victor123 / jjjfood

20260103

victor123 / jjjshop_food

20260103

wxw850227 / jjjfood

20260103

wxw850227 / jjjshop_food

20260103

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.340443 vuldb.com: https://vuldb.com/?ctiid.340443 vuldb.com: https://vuldb.com/?submit.731001 101.200.76.102: http://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/1/vuldb/JJJshop/EnglishVers%E4%B8%89%E5%8B%BE%E7%82%B9%E9%A4%90%E7%B3%BB%E7%BB%9FPHP%E7%89%88%E5%AD%98%E5%9C%A8product.category.indexSQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.pdf

Credits

🔍 BadKitty (VulDB User)