CVE-2026-7060: SQL Injection in liyupi yu-picture
CVE-2026-7060 is a medium severity SQL injection vulnerability in the liyupi yu-picture application, specifically in the PageRequest function of PictureServiceImpl. java. The vulnerability arises from unsafe manipulation of the sortField argument, allowing remote attackers to execute SQL injection attacks. The vulnerability affects the version identified by commit a053632c41340152bf75b66b3c543d129123d8ec. The issue has been publicly disclosed and a patch is advised, but no official fix or patch has been released yet. The project maintainers have been informed but have not responded. Exploits are not currently known to be in the wild.
AI Analysis
Technical Summary
The liyupi yu-picture application up to commit a053632c41340152bf75b66b3c543d129123d8ec contains a SQL injection vulnerability in the PageRequest function within PictureServiceImpl.java, related to the MyBatis-Plus component. The vulnerability is triggered by manipulation of the sortField argument, which is not properly sanitized, allowing remote attackers to inject SQL commands. The vulnerability has a CVSS 4.0 base score of 6.9 (medium severity) with network attack vector, low complexity, no privileges or user interaction required, and low impact on confidentiality, integrity, and availability. The vulnerability has been publicly disclosed, but no official patch or remediation is currently available, and the vendor has not yet responded to the issue.
Potential Impact
Successful exploitation of this vulnerability could allow remote attackers to perform SQL injection attacks via the sortField parameter, potentially leading to unauthorized data access or manipulation. The impact is rated medium severity with limited impact on confidentiality, integrity, and availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. The vendor has been informed but has not yet responded or released a fix. Users should monitor the vendor's communications for updates and apply any future patches promptly. Until a fix is available, consider implementing input validation or filtering on the sortField parameter as a temporary mitigation, if feasible.
CVE-2026-7060: SQL Injection in liyupi yu-picture
Description
CVE-2026-7060 is a medium severity SQL injection vulnerability in the liyupi yu-picture application, specifically in the PageRequest function of PictureServiceImpl. java. The vulnerability arises from unsafe manipulation of the sortField argument, allowing remote attackers to execute SQL injection attacks. The vulnerability affects the version identified by commit a053632c41340152bf75b66b3c543d129123d8ec. The issue has been publicly disclosed and a patch is advised, but no official fix or patch has been released yet. The project maintainers have been informed but have not responded. Exploits are not currently known to be in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The liyupi yu-picture application up to commit a053632c41340152bf75b66b3c543d129123d8ec contains a SQL injection vulnerability in the PageRequest function within PictureServiceImpl.java, related to the MyBatis-Plus component. The vulnerability is triggered by manipulation of the sortField argument, which is not properly sanitized, allowing remote attackers to inject SQL commands. The vulnerability has a CVSS 4.0 base score of 6.9 (medium severity) with network attack vector, low complexity, no privileges or user interaction required, and low impact on confidentiality, integrity, and availability. The vulnerability has been publicly disclosed, but no official patch or remediation is currently available, and the vendor has not yet responded to the issue.
Potential Impact
Successful exploitation of this vulnerability could allow remote attackers to perform SQL injection attacks via the sortField parameter, potentially leading to unauthorized data access or manipulation. The impact is rated medium severity with limited impact on confidentiality, integrity, and availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. The vendor has been informed but has not yet responded or released a fix. Users should monitor the vendor's communications for updates and apply any future patches promptly. Until a fix is available, consider implementing input validation or filtering on the sortField parameter as a temporary mitigation, if feasible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-26T01:19:00.706Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ee75ceba26a39fba5bc32e
Added to database: 4/26/2026, 8:30:06 PM
Last enriched: 4/26/2026, 8:45:04 PM
Last updated: 4/26/2026, 9:34:36 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.