Mini-tmall Security Vulnerabilities and Issues — Mini-tmall CVE List

Lucene search

MiniMini-tmall

3 matches found

CVE•added 2024/09/08 3:15 a.m.•75 views

CVE-2024-8568

A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has b...

9.8CVSS7AI score0.00041EPSS

CVE•added 2024/03/01 6:15 p.m.•66 views

CVE-2024-2074

A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

6.5CVSS6.8AI score0.00431EPSS

CVE•added 2024/07/15 4:15 p.m.•35 views

CVE-2024-40553

Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage.

4.9CVSS7.6AI score0.0011EPSS