CVE-2025-1843 Mini-Tmall ProductMapper.java select sql injection

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploi...

Mini-Tmall SQL注入漏洞

Mini-Tmall is Mini-Tmall open source Spring Boot based on a comprehensive B2C e-commerce platform. Used to build an e-commerce platform to provide commodity trading services. Mini-Tmall 20250211 and earlier versions have a security vulnerability , the vulnerability stems from the ProductMapper.ja...