CVE-2025-10291 linlinjava litemall cancel WxAftersaleController improper authorization

A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has been made availab...

PT-2025-37288

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0 Description: A weakness exists in linlinjava litemall up to version 1.8.0. The issue affects the WxAftersaleController function within the /wx/aftersale/cancel file. Manipulation of the ID argument can...

CVE-2025-8991

A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemallexpressfreightmin leads to business logic errors. The...

CVE-2025-8991

A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemallexpressfreightmin leads to business logic errors. The...

CVE-2025-8991 linlinjava litemall Business Logic express logic error

A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemallexpressfreightmin leads to business logic errors. The...

PT-2025-33423 · Linlinjava · Litemall

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0 Description: A vulnerability was identified in linlinjava litemall. The issue affects an unknown functionality within the /admin/config/express file of the Business Logic Handler component. Manipulatio...

CVE-2025-8965 linlinjava litemall Endpoint AdminStorageController.java create unrestricted upload

A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to...

CVE-2025-8965 linlinjava litemall Endpoint AdminStorageController.java create unrestricted upload

A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to...

PT-2025-33303 · Linlinjava · Litemall

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0 Description: A vulnerability exists in linlinjava litemall up to version 1.8.0, specifically within the create function located in the file...

PT-2025-33360 · Linlinjava · Litemall

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0 Description: A vulnerability exists in linlinjava litemall up to version 1.8.0, specifically within the JSON Web Token Handler component, located in the file...

CVE-2025-8764

A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...

CVE-2025-8764

A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...

CVE-2025-8764

A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...

CVE-2025-8764 linlinjava litemall upload unrestricted upload

A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...

CVE-2025-8764

CVE-2025-8764 affects linlinjava litemall up to version 1.8.0. The vulnerability is in the Upload function of /wx/storage/upload, where manipulating the File argument leads to unrestricted file upload. It can be exploited remotely and exploit details have been disclosed publicly. Remediation per ...

CVE-2025-8753

A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component File Handler. The manipulation of the argument key leads to path traversal. The attack may be...

CVE-2025-8753 linlinjava litemall File delete path traversal

A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component File Handler. The manipulation of the argument key leads to path traversal. The attack may be...

PT-2025-32451 · Linlinjava · Litemall

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions prior to 1.8.1 Description: A critical issue exists in linlinjava litemall up to version 1.8.0. The Upload function within the /wx/storage/upload file is susceptible to unrestricted file upload due to manipulation...

CVE-2025-6702

A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has...

CVE-2025-6702 linlinjava litemall post improper authorization

A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has...