2 matches found
CVE-2025-8974 linlinjava litemall JSON Web Token JwtHelper.java hard-coded credentials
A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with th...
CVE-2025-8974
CVE-2025-8974 affects linlinjava litemall up to version 1.8.0, specifically the JwtHelper.java in the Wx API’s JSON Web Token Handler. The issue arises from manipulating the SECRET argument via the X-Litemall-Token input, resulting in hard-coded credentials. Exploitation can be remote; attack com...