CVE-2025-63689

Published
View on NVD ↗
CVSS v3
10
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT

Description

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter

ycf1998/money-pos
ycf1998/money-pos
麦尼收银系统:基于Spring Boot 2.7、Spring Security、MybatisPlus ,包含系统管理、收银台、会员管理、商品管理、订单管理功能。
GitHubGitHub
90