Submit #780789: Shopsuite modulithshop 829bac71f507e84684c782b9b062b8bf3b5585d6 SQL Injectioninfo

TitleShopsuite modulithshop 829bac71f507e84684c782b9b062b8bf3b5585d6 SQL Injection
DescriptionThe ShopSuite system contains a SQL injection vulnerability in the listItemKey method of the ProductItemDao interface. Attackers can inject malicious SQL code through the sidx and sort parameters in ORDER BY clauses, allowing extraction of sensitive information from the database including product data, user information, system configuration, and potentially administrative credentials.
Source⚠️ https://github.com/shsuishang/modulithshop/issues/3
User
 Anonymous User
Submission03/16/2026 12:51 (4 months ago)
Moderation04/01/2026 15:29 (16 days later)
StatusAccepted
VulDB entry354659 [shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6 ProductItemDao Interface ProductIndexServiceImpl.java listItem sidx/sort sql injection]
Points19

Do you want to use VulDB in your project?

Use the official API to access entries easily!