5 matches found
CVE-2025-8753
A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component File Handler. The manipulation of the argument key leads to path traversal. The attack may be...
CVE-2025-8764
A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2024-46382
CVE-2024-46382 describes a SQL injection in linlinjava’s Litemall 1.8.0. The vulnerability affects the AdminGoodsController.java parameters goodsId, goodsSn, and name, enabling a remote attacker to exfiltrate sensitive information. The root cause is a missing/insufficient input sanitization or pa...
CVE-2024-46382
A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java...
CVE-2024-6452
CVE-2024-6452 affects linlinjava Litemall up to 1.8.0. The vulnerability resides in AdminGoodscontroller.java where manipulating the goodsId/goodsSn/name parameters enables SQL injection. It can be exploited remotely, and public disclosures exist. Connected sources consistently describe the impac...