CVE-2026-8773 linlinjava litemall Database Setting DbUtil.java load argument injection

A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument...

CVE-2025-8974 linlinjava litemall JSON Web Token JwtHelper.java hard-coded credentials

A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with th...

CVE-2025-8974

CVE-2025-8974 affects linlinjava litemall up to version 1.8.0, specifically the JwtHelper.java in the Wx API’s JSON Web Token Handler. The issue arises from manipulating the SECRET argument via the X-Litemall-Token input, resulting in hard-coded credentials. Exploitation can be remote; attack com...

Litemall Security Breach

Litemall is an e-commerce system for Linlinjava individual developers. A security vulnerability exists in Litemall v.1.8.0 that allows remote attackers to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component...