{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/liyupi/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7060"}],"_cs_exploited":false,"_cs_products":["yu-picture"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2026-7060","web-application"],"_cs_type":"advisory","_cs_vendors":["liyupi"],"content_html":"\u003cp\u003eA SQL injection vulnerability has been identified in liyupi yu-picture, a web application, affecting versions up to commit a053632c41340152bf75b66b3c543d129123d8ec. The vulnerability, tracked as CVE-2026-7060, resides in the PageRequest function within the PictureServiceImpl.java file, specifically related to the MyBatis-Plus component. An attacker can exploit this vulnerability remotely by manipulating the \u003ccode\u003esortField\u003c/code\u003e argument. Public exploitation details are available, increasing the risk. Given the lack of versioning in the product, determining affected and unaffected releases is challenging, emphasizing the need for immediate patching.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an endpoint that utilizes the vulnerable \u003ccode\u003ePageRequest\u003c/code\u003e function in \u003ccode\u003ePictureServiceImpl.java\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a SQL payload into the \u003ccode\u003esortField\u003c/code\u003e parameter of the \u003ccode\u003ePageRequest\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe application processes the crafted request, passing the malicious SQL payload to the MyBatis-Plus component.\u003c/li\u003e\n\u003cli\u003eMyBatis-Plus executes the injected SQL query against the application\u0026rsquo;s database.\u003c/li\u003e\n\u003cli\u003eThe database executes the injected SQL, potentially allowing the attacker to read, modify, or delete data.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves sensitive information from the database, such as user credentials or configuration details.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised data to further compromise the application or gain access to the underlying system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2026-7060) can lead to unauthorized data access, modification, or deletion, potentially resulting in complete compromise of the application and its underlying database. The absence of versioning makes identifying vulnerable installations difficult. Given the publicly available exploit, affected organizations are at increased risk of attack.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or update the liyupi yu-picture application to a version containing the fix for CVE-2026-7060 as soon as it becomes available.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003esortField\u003c/code\u003e parameter within the \u003ccode\u003ePageRequest\u003c/code\u003e function to prevent SQL injection.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Malicious SortField SQL Injection\u003c/code\u003e to identify attempts to exploit this vulnerability in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity targeting endpoints that use the \u003ccode\u003ePageRequest\u003c/code\u003e function.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"/briefs/2024-01-09-yu-picture-sqli/","summary":"A SQL injection vulnerability (CVE-2026-7060) exists in liyupi yu-picture versions up to a053632c41340152bf75b66b3c543d129123d8ec, allowing a remote attacker to execute arbitrary SQL commands by manipulating the sortField argument in the PageRequest function of PictureServiceImpl.java.","title":"liyupi yu-picture SQL Injection Vulnerability (CVE-2026-7060)","url":"https://feed.craftedsignal.io/briefs/2024-01-09-yu-picture-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Liyupi","version":"https://jsonfeed.org/version/1.1"}