3 matches found
CVE-2024-6452
CVE-2024-6452 affects linlinjava Litemall up to 1.8.0. The vulnerability resides in AdminGoodscontroller.java where manipulating the goodsId/goodsSn/name parameters enables SQL injection. It can be exploited remotely, and public disclosures exist. Connected sources consistently describe the impac...
CVE-2025-8965
CVE-2025-8965 affects linlinjava litemall up to version 1.8.0. The vulnerability is in the create function of AdminStorageController.java (litemall-admin-api) where manipulation of the File argument leads to unrestricted file upload. The attack can be performed remotely and the exploit has been d...
CVE-2025-10291
Affects linlinjava litemall up to 1.8.0. The vulnerability resides in WxAftersaleController at /wx/aftersale/cancel, where manipulating the ID argument can cause improper authorization. Exploitation can be performed remotely, and public exploits exist. Multiple sources confirm the issue and note ...