Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Weimai-Wetapp allows attackers to inject malicious SQL code
CVE-2026-3956
Summary
A security flaw in Weimai-Wetapp's admin user management system makes it possible for attackers to inject malicious code into the system. This could allow an attacker to access sensitive data or take control of the system. If you use Weimai-Wetapp, we recommend checking for any updates or patches to ensure your system is secure.
Original title
A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_we...
Original description
A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weimai/controller/admin/Admin_AdminUserController.java. Performing a manipulation of the argument keyword results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
5.8
nvd CVSS3.1
4.7
nvd CVSS4.0
5.1
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026