PatchSiren

uzy-ssm-mall CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM | uzy-ssm-mall CVE | published 2026-05-27

CVE-2026-38808

A SQL injection vulnerability exists in uzy-ssm-mall v1.1.0, a Java-based e-commerce application. The flaw resides in the ProductMapper.xml MyBatis mapper configuration and the OrderUtil.java utility component. An unauthenticated remote attacker can exploit this weakness to inject malicious SQL commands, potentially extracting sensitive database information including customer data, order details, or admin [truncated]