126 matches found
CVE-2025-1817 Mini-Tmall Admin Name admin cross site scripting
A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-1817 Mini-Tmall Admin Name admin cross site scripting
A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-1817
CVE-2025-1817 affects Mini-Tmall up to 20250211, involving the /admin path of the Admin Name Handler. The issue is described as a cross-site scripting (XSS) vulnerability that can be triggered remotely and for which the exploit has been disclosed publicly. The available reports do not specify the...
Mini-Tmall 跨站脚本漏洞
Mini-Tmall is Mini-Tmall open source Spring Boot based on a comprehensive B2C e-commerce platform . Used to build an e-commerce platform to provide commodity trading services. A cross-site scripting vulnerability exists in Mini-Tmall 20250211 and previous versions. Attackers can use the...
CVE-2024-8568
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-8568
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-8568 Mini-Tmall 1 rewardMapper.select sql injection
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-8568 Mini-Tmall 1 rewardMapper.select sql injection
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-8568
Mini-Tmall is affected by a SQL injection in the function RewardMapper.select inside tmall/admin/order/1/1, triggered by manipulating the orderBy argument. Affected versions are up to 20240901. Exploitation is remote and has been disclosed publicly; vendor contact occurred with no evident respons...
Tmall_demo SQL注入漏洞
Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A SQL injection vulnerability exists in Tmalldemo 20240901 and earlier versions, which stems from the improper handling of the orderBy parameter in the orderMapper.select function in the tmall/admin/order/1/1 file...
PT-2024-39105 · Unknown · Mini-Tmall
Name of the Vulnerable Software and Affected Versions: Mini-Tmall versions up to 20240901 Description: A critical issue was found in the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to SQL injection. It is possible to launch the...
Mini-Tmall SQL Injection Vulnerability
Mini-Tmall is a Spring Boot-based mini-Tmall mall , fast deployment run , suitable for use as a bijou template . SQL injection vulnerability exists in versions prior to Mini-Tmall v2024.07.03. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...
CVE-2024-40554
An access control issue in Tmalldemo v2024.07.03 allows attackers to obtain sensitive information...
CVE-2024-40560
Tmalldemo before v2024.07.03 was discovered to contain a SQL injection vulnerability...
CVE-2024-40555
Tmalldemo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability...
CVE-2024-40553
Tmalldemo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage...
Mini-Tmall Security Breach
Mini-Tmall is a Spring Boot based mini-Tmall mall, fast deployment and running, suitable for use as a Bijou template. A security vulnerability exists in Mini-Tmall version v2024.07.03. An attacker can obtain sensitive information by exploiting the vulnerability...
PT-2024-28919 · Unknown · Tmall Demo
Name of the Vulnerable Software and Affected Versions: Tmall demo version 2024.07.03 Description: The issue is related to an access control problem, which enables attackers to gain access to sensitive information. Recommendations: For Tmall demo version 2024.07.03, at the moment, there is no...
Mini-Tmall 安全漏洞
Mini-Tmall is a Spring Boot-based mini-Tmall mall , fast deployment run , suitable for use as a bijou template . SQL injection vulnerability exists in versions prior to Mini-Tmall v2024.07.03. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...
PT-2024-28920 · Unknown · Tmall Demo
Name of the Vulnerable Software and Affected Versions: Tmall demo version 2024.07.03 Description: The issue allows for an arbitrary file upload, which could potentially lead to unauthorized access or malicious activity. Recommendations: For version 2024.07.03, at the moment, there is no informati...