Lucene search
+L

55 matches found

nvd
nvd
added 2023/08/21 1:15 a.m.22 views

CVE-2023-4445

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The...

9.8CVSS7.3AI score0.005EPSS
Exploits0References3
osv
osv
added 2023/08/21 1:15 a.m.5 views

CVE-2023-4445

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The...

9.8CVSS5.7AI score0.005EPSS
Exploits0References3
prion
prion
added 2023/08/21 1:15 a.m.16 views

Sql injection

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The...

6.5CVSS9.6AI score0.005EPSS
Exploits0References3Affected Software1
cve
cve
added 2023/08/21 1:0 a.m.134 views

CVE-2023-4445

CVE-2023-4445 impacts Mini-Tmall up to 20230811. A vulnerability in the function/file path product/1/1?test=1&test2=2& allows SQL injection via manipulation of the orderBy argument. The issue can be exploited remotely; exploitation details are disclosed publicly. A patch/version that fixes this i...

9.8CVSS8.2AI score0.005EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2023/08/21 1:0 a.m.29 views

CVE-2023-4445 Mini-Tmall sql injection

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The...

6.5CVSS9.9AI score0.005EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2023/08/21 12:0 a.m.4 views

PT-2023-29243 · Unknown · Mini-Tmall

Name of the Vulnerable Software and Affected Versions: Mini-Tmall versions up to 20230811 Description: A critical issue has been found, affecting some unknown functionality of the file product/1/1?test=1&test2=2&, allowing for SQL injection through the manipulation of the orderBy argument. This...

9.8CVSS7AI score0.005EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/08/21 12:0 a.m.5 views

Mini-Tmall SQL注入漏洞

Mini-Tmall is a Spring Boot-based mini-Tmall mall, fast deployment runtime, suitable for use as a Bijou template. Mini-Tmall suffers from a SQL injection vulnerability, which stems from the fact that incorrect manipulation of the parameter orderBy can lead to sql injection...

9.8CVSS7.1AI score0.005EPSS
Exploits0References4
attackerkb
attackerkb
added 2022/07/06 3:15 p.m.4 views

CVE-2022-30929

Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper...

8.8CVSS7.3AI score0.01753EPSS
Exploits1References3
osv
osv
added 2022/07/06 3:15 p.m.3 views

CVE-2022-30929

Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper...

8.8CVSS5.8AI score0.01753EPSS
Exploits1References2
nvd
nvd
added 2022/07/06 3:15 p.m.25 views

CVE-2022-30929

Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper...

8.8CVSS0.01753EPSS
Exploits1References2
prion
prion
added 2022/07/06 3:15 p.m.24 views

Design/Logic Flaw

Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper...

6.5CVSS8.6AI score0.01753EPSS
Exploits1References2Affected Software1
cve
cve
added 2022/07/06 2:21 p.m.79 views

CVE-2022-30929

CVE-2022-30929 affects Mini-Tmall v1.0 and is described as vulnerable to insecure permissions via the Tomcat Jasper embedding component (tomcat-embed-jasper). Several connected sources reiterate an insecure privilege/permission issue, including Red Hat and CNNVD entries, which label it as an inse...

8.8CVSS8.6AI score0.01753EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2022/07/06 2:21 p.m.30 views

CVE-2022-30929

Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper...

8.8AI score0.01753EPSS
Exploits1References2
cnnvd
cnnvd
added 2022/07/06 12:0 a.m.6 views

Mini-Tmall 安全漏洞

Mini-Tmall is a Spring Boot-based mini-Tmall mall , fast deployment run , suitable for use as a Bijou template . A security vulnerability exists in Mini-Tmall v1.0. An attacker exploits the vulnerability to perform an insecure privilege attack via tomcat-embed-jasper...

8.8CVSS8AI score0.01753EPSS
Exploits1References3
cnvd
cnvd
added 2020/09/21 12:0 a.m.2 views

SQL Injection Vulnerability in Mini-Tmall Framework Front and Backend

Mini Tmall Mini Tmall is a Spring Boot-based integrated B2C e-commerce platform, the requirements of the design of the main reference Tmall shopping process: users start from registration, to complete the login, browse the products, add a shopping cart, place an order, confirm receipt, evaluation...

7.7AI score
Exploits0
Rows per page
Query Builder