
Weimai-WetApp allows attackers to inject malicious SQL code

CVE-2026-3957
Summary

A SQL injection flaw in Weimai-WetApp lets attackers inject malicious SQL code, potentially giving them access to sensitive information. The issue is in the code that retrieves movie lists and can be exploited remotely. Until the issue is fixed, we recommend avoiding the app or using a secure alternative.

Original title
A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com...
Original description
A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/moke/wp/wx_weimai/controller/HomeController.java of the component Endpoint. Executing a manipulation of the argument cat can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
NVD CVSS 2.0: 5.8
NVD CVSS 3.1: 4.7
NVD CVSS 4.0: 5.1
Vulnerability type
CWE-74 Injection
CWE-89 SQL Injection
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026