11 matches found
CVE-2024-24323
CVE-2024-24323 is a SQL injection vulnerability affecting linlinjava litemall v.1.8.0. The issue arises in AdminOrdercontroller.java, where the nickname, consignee, orderSN, and orderStatusArray parameters are injectable, allowing an attacker to access sensitive information. Multiple sources (NVD, Red ...
CVE-2024-46382
CVE-2024-46382 describes a SQL injection in linlinjava’s Litemall 1.8.0. The vulnerability affects the AdminGoodsController.java parameters goodsId, goodsSn, and name, enabling a remote attacker to exfiltrate sensitive information. The root cause is a missing/insufficient input sanitization or pa...
CVE-2024-6452
CVE-2024-6452 affects linlinjava Litemall up to 1.8.0. The vulnerability resides in AdminGoodscontroller.java where manipulating the goodsId/goodsSn/name parameters enables SQL injection. It can be exploited remotely, and public disclosures exist. Connected sources consistently describe the impac...
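The three admin-side SQL injections above (CVE-2024-24323, CVE-2024-46382 and CVE-2024-6452) share one root cause: a request parameter such as orderSN or goodsSn is spliced into the SQL text instead of being bound as a parameter. The Python/SQLite example below is added here to show the difference; it is not litemall code, and the table names, columns and rows are constructed for the demonstration. In a MyBatis-based Java service the equivalent distinction is `${param}` (raw text substitution) versus `#{param}` (a bound parameter).

```python
import sqlite3
from typing import List, Tuple

# Constructed sample schema and rows; the table and column names are
# assumptions for this demonstration, not litemall's real schema.
SAMPLE_SCHEMA = """
CREATE TABLE litemall_order (id INTEGER PRIMARY KEY, order_sn TEXT, consignee TEXT);
CREATE TABLE litemall_admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO litemall_order (order_sn, consignee) VALUES
    ('20240101000001', 'Alice'), ('20240202000002', 'Bob');
INSERT INTO litemall_admin (username, password) VALUES
    ('admin123', 'fakehash-not-a-real-password-hash');
"""

# Attacker-controlled value for the orderSN search parameter.  The closing
# quote ends the LIKE pattern, UNION pulls rows from another table, and the
# trailing comment discards the rest of the original statement.
INJECTION_PAYLOAD = "x%' UNION SELECT username, password FROM litemall_admin --"


def open_sample_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SAMPLE_SCHEMA)
    return con


def find_orders_vulnerable(con: sqlite3.Connection, order_sn: str) -> List[Tuple]:
    """Interpolates the parameter into the SQL text: the injection vector."""
    sql = f"SELECT order_sn, consignee FROM litemall_order WHERE order_sn LIKE '%{order_sn}%'"
    return con.execute(sql).fetchall()


def find_orders_safe(con: sqlite3.Connection, order_sn: str) -> List[Tuple]:
    """Binds the parameter; the driver never treats its contents as SQL."""
    sql = "SELECT order_sn, consignee FROM litemall_order WHERE order_sn LIKE ?"
    return con.execute(sql, (f"%{order_sn}%",)).fetchall()


if __name__ == "__main__":
    con = open_sample_db()
    print("vulnerable:  ", find_orders_vulnerable(con, INJECTION_PAYLOAD))
    print("safe:        ", find_orders_safe(con, INJECTION_PAYLOAD))
    print("safe, legit: ", find_orders_safe(con, "2024"))
```

With the bound parameter the same payload is just a LIKE pattern that matches no order; with interpolation it returns the admin table's credential row.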
CVE-2025-8753
CVE-2025-8753 affects linlinjava litemall up to version 1.8.0. The vulnerability resides in the File Handler's delete function at /admin/storage/delete, where manipulation of the key parameter enables path traversal. The issue can be exploited remotely, and a public exploit has been disclosed. Affecte...
CVE-2018-18434
CVE-2018-18434 affects Litemall 0.9.0 in the litemall-wx-api component, specifically WxStorageController.java, where a directory traversal sequence (../) enables arbitrary file download. This is a network-accessible issue with a high confidentiality impact and no integrity or availability impact per CVSS (C:H/I:N/A:N) and partial ...
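CVE-2025-8753 (a key parameter reaching a delete) and CVE-2018-18434 (a `../` sequence reaching a download) are both failures to confine a client-supplied storage key to the storage directory. The Python example below is added here and is not litemall code; the storage root, the helper names and the sample files are assumptions. It applies a lexical check first and then a real-path containment check, which also catches a symlink inside the storage directory that points outside it.

```python
import os
import tempfile
from typing import Optional


def safe_relative_key(key: str) -> Optional[str]:
    """Lexical check on a client-supplied storage key.

    Assumes the web framework has already URL-decoded the value.  Returns the
    key unchanged when it is a plain relative path with no '.', '..' or empty
    component, otherwise None.
    """
    if not key or "\x00" in key or "\\" in key:
        return None
    parts = key.split("/")
    if parts[0] == "" or any(p in ("", ".", "..") for p in parts):
        return None
    return key


def resolve_under_root(root: str, key: str) -> Optional[str]:
    """Map a key to an absolute path and prove it stays inside root.

    realpath() follows symlinks, so a link inside root that points elsewhere
    resolves to its target and fails the containment test.
    """
    rel = safe_relative_key(key)
    if rel is None:
        return None
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, rel))
    if target == root_real or os.path.commonpath([root_real, target]) != root_real:
        return None
    return target


def delete_object(root: str, key: str) -> bool:
    """Delete handler: only unlinks paths that resolve under root."""
    target = resolve_under_root(root, key)
    if target is None or not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def run_demo() -> dict:
    """Constructed layout: root/photo.png plus a file outside the root."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "storage")
        os.mkdir(root)
        legit = os.path.join(root, "photo.png")
        outside = os.path.join(base, "secret.txt")
        for p in (legit, outside):
            with open(p, "w") as f:
                f.write("data")
        link_blocked = True
        try:
            os.symlink(outside, os.path.join(root, "link.txt"))
            link_blocked = not delete_object(root, "link.txt")
        except OSError:
            pass  # platform without symlink support: skip that part
        return {
            "traversal_blocked": not delete_object(root, "../secret.txt"),
            "symlink_blocked": link_blocked,
            "outside_intact": os.path.exists(outside),
            "legit_deleted": delete_object(root, "photo.png") and not os.path.exists(legit),
        }


if __name__ == "__main__":
    print(run_demo())
```

The same resolve_under_root check serves a download handler: open the returned path, never the joined one.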
CVE-2025-8974
CVE-2025-8974 affects linlinjava litemall up to version 1.8.0, specifically JwtHelper.java in the Wx API's JSON Web Token Handler. The issue is a hard-coded SECRET in the token handling behind the X-Litemall-Token header, i.e. use of hard-coded credentials. Exploitation can be remote; attack com...
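A hard-coded JWT signing secret means every deployment verifies tokens with the same key, and anyone who has read the source can mint a token that passes. The HS256 example below is added here to show the failure and the fix; it is not litemall's JwtHelper and uses only the Python standard library. The environment variable name LITEMALL_JWT_SECRET, the placeholder default value and the claim names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Stand-in for a secret baked into source code (assumption; not the real value).
HARDCODED_DEFAULT = "change-me-default-secret"
MIN_SECRET_LEN = 32


def load_secret(env=os.environ) -> str:
    """Refuse to start with a missing, short or well-known secret."""
    secret = env.get("LITEMALL_JWT_SECRET", "")
    if len(secret) < MIN_SECRET_LEN or secret == HARDCODED_DEFAULT:
        raise RuntimeError("LITEMALL_JWT_SECRET must be a unique value of at least 32 characters")
    return secret


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, secret: str, ttl_seconds: int = 3600) -> str:
    """Issue an HS256 token; this is also all a forger needs once the secret is known."""
    payload = dict(claims, exp=int(time.time()) + ttl_seconds)
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, secret: str) -> Optional[dict]:
    """Return the claims only if alg is HS256, the MAC matches and exp is in the future."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        given = _b64url_decode(s)
    except ValueError:  # covers bad base64 (binascii.Error), bad JSON and bad UTF-8
        return None
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        return None
    expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return None
    if claims.get("exp", 0) <= time.time():
        return None
    return claims


if __name__ == "__main__":
    deployment_secret = load_secret({"LITEMALL_JWT_SECRET": os.urandom(32).hex()})
    good = sign_token({"userId": 7}, deployment_secret)
    forged = sign_token({"userId": 1}, HARDCODED_DEFAULT)  # attacker read the source
    print("legit token: ", verify_token(good, deployment_secret))
    print("forged token:", verify_token(forged, deployment_secret))
```

Rotating away from the hard-coded value is what makes the forged token fail; the startup check in load_secret is what stops a deployment from silently keeping it.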
CVE-2025-8991
CVE-2025-8991 affects linlinjava litemall versions up to 1.8.0. The vulnerability resides in the Business Logic Handler’s /admin/config/express, where manipulating the litemall_express_freight_min parameter triggers business logic errors. The issue is exploitable remotely and publicized. PT-2025-...
CVE-2025-8764
CVE-2025-8764 affects linlinjava litemall up to version 1.8.0. The vulnerability is in the Upload function of /wx/storage/upload, where manipulating the File argument leads to unrestricted file upload. It can be exploited remotely and exploit details have been disclosed publicly. Remediation per ...
CVE-2025-8965
CVE-2025-8965 affects linlinjava litemall up to version 1.8.0. The vulnerability is in the create function of AdminStorageController.java (litemall-admin-api) where manipulation of the File argument leads to unrestricted file upload. The attack can be performed remotely and the exploit has been d...
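CVE-2025-8764 and CVE-2025-8965 are the same weakness on the two upload endpoints: the File argument is stored without checking what it is. The Python example below is added here to show the checks an upload handler needs; it is not litemall code. The allowlist, the size limit and the stored-name scheme are assumptions for the demonstration, and the sample uploads are constructed.

```python
import uuid
from typing import Dict, Tuple

MAX_UPLOAD_BYTES = 5 * 1024 * 1024

# Extension allowlist with the magic bytes each type must start with.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Constructed sample uploads (client-supplied name -> body).
SAMPLE_UPLOADS: Dict[str, bytes] = {
    "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "shell.jsp": b"<% /* not an image */ %>",
    "shell.jsp.png": b"<% /* renamed, still not an image */ %>",
    "../../webapps/ROOT/x.png": b"\x89PNG\r\n\x1a\n",
}


def validate_upload(client_name: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, stored_key_or_reason).

    The client-supplied name decides nothing but the extension, and the
    extension is only trusted when the content's magic bytes agree with it.
    """
    if len(content) > MAX_UPLOAD_BYTES:
        return False, "too large"
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_TYPES:
        return False, f"extension not allowed: {ext!r}"
    if not content.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match extension"
    # Store under a server-generated name so the original name never reaches disk.
    return True, f"{uuid.uuid4().hex}.{ext}"


def run_demo() -> Dict[str, Tuple[bool, str]]:
    return {name: validate_upload(name, body) for name, body in SAMPLE_UPLOADS.items()}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name!r:32} -> {result}")
```

Serving the stored objects from a path the servlet container does not execute (or from a separate object store) is the complementary control; the allowlist alone does not help if an accepted file can still be interpreted as code.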
CVE-2025-6702
CVE-2025-6702 affects linlinjava litemall 1.8.0. Affected is an unknown function in the file /wx/comment/post, where manipulation of the adminComment parameter leads to improper authorization. An attacker can exploit this remotely, and the exploit has been disclosed publicly. The vendor was contacted early b...
CVE-2025-10291
CVE-2025-10291 affects linlinjava litemall up to 1.8.0. The vulnerability resides in WxAftersaleController at /wx/aftersale/cancel, where manipulation of the ID argument leads to improper authorization. Exploitation can be performed remotely, and public exploits exist. Multiple sources confirm the issue and note ...
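CVE-2025-6702 and CVE-2025-10291 are both authorization failures on the user-facing Wx API: a client can write the adminComment field of a comment, and can act on an aftersale record by ID without the server confirming the record is its own. The Python example below is added here and is not litemall code; the record types, the in-memory repository and the field names other than adminComment and ID are assumptions. It shows the two controls involved: an ownership check before the state change, and a field allowlist when binding request JSON to a record.

```python
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class Aftersale:
    id: int
    user_id: int
    status: str = "pending"


@dataclass
class Comment:
    user_id: int
    goods_id: int
    content: str
    star: int = 5
    admin_comment: str = ""  # only staff may set this


# Constructed in-memory data: two users' aftersale records.
AFTERSALES: Dict[int, Aftersale] = {
    101: Aftersale(id=101, user_id=1),
    102: Aftersale(id=102, user_id=2),
}

# Request-JSON keys a Wx-side client may populate on a comment -> attribute.
CLIENT_WRITABLE_COMMENT_FIELDS = {"goodsId": "goods_id", "content": "content", "star": "star"}


def cancel_aftersale(current_user_id: int, aftersale_id: int,
                     repo: Dict[int, Aftersale] = AFTERSALES) -> Tuple[bool, str]:
    """Object-level authorization: the ID alone never authorizes the action."""
    record = repo.get(aftersale_id)
    # Same answer for "missing" and "not yours", so IDs cannot be enumerated.
    if record is None or record.user_id != current_user_id:
        return False, "not found"
    if record.status != "pending":
        return False, "cannot cancel in state " + record.status
    record.status = "cancelled"
    return True, "cancelled"


def post_comment(current_user_id: int, body: dict) -> Comment:
    """Bind only allowlisted fields; adminComment (and userId) from the client are dropped."""
    kwargs = {attr: body[key] for key, attr in CLIENT_WRITABLE_COMMENT_FIELDS.items() if key in body}
    return Comment(user_id=current_user_id, **kwargs)


if __name__ == "__main__":
    print(cancel_aftersale(current_user_id=2, aftersale_id=101))  # someone else's record
    print(cancel_aftersale(current_user_id=1, aftersale_id=101))  # owner
    print(post_comment(1, {"goodsId": 5, "content": "ok", "adminComment": "refund approved"}))
```

The user identity used in both functions must come from the verified session or token, never from the request body; that is why post_comment sets user_id itself instead of binding it.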