Litemall Security Vulnerabilities and Issues — Litemall CVE List

Lucene search

Litemall ProjectLitemall

4 matches found

CVE•added 2024/02/27 5:15 p.m.•4041 views

CVE-2024-24323

SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component.

7.2CVSS7.2AI score0.00568EPSS

CVE•added 2024/09/19 1:15 p.m.•37 views

CVE-2024-46382

A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java.

7.5CVSS7.4AI score0.00115EPSS

CVE•added 2024/07/02 8:15 p.m.•36 views

CVE-2024-6452

A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. T...

6.5CVSS6.9AI score0.00085EPSS

CVE•added 2018/10/17 6:29 a.m.•24 views

CVE-2018-18434

An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component.

7.5CVSS7.5AI score0.00623EPSS