CVE-2026-0843
Published: Jan 11, 2026
Modified: Feb 23, 2026
CVSS v3.1
6.3
Description
A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under multiple different names. The vendor was contacted early about this disclosure but did not respond in any way.
| Vendor | Product | Versions |
|---|---|---|
jiujiujia | jjjfood | affected 20260103 |
jiujiujia | jjjshop_food | affected 20260103 |
victor123 | jjjfood | affected 20260103 |
victor123 | jjjshop_food | affected 20260103 |
wxw850227 | jjjfood | affected 20260103 |
wxw850227 | jjjshop_food | affected 20260103 |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now