Lucene search
K
Project TeamTmall Demo

13 matches found

CVE
CVE
added 2024/09/08 2:31 a.m.87 views

CVE-2024-8568

Mini-Tmall is affected by a SQL injection in the function RewardMapper.select inside tmall/admin/order/1/1, triggered by manipulating the orderBy argument. Affected versions are up to 20240901. Exploitation is remote and has been disclosed publicly; vendor contact occurred with no evident respons...

9.8CVSS7AI score0.00493EPSS
Web
CVE
CVE
added 2025/05/24 10:31 p.m.68 views

CVE-2025-5135

CVE-2025-5135 affects Tmall Demo up to 20250505. The vulnerability is an XSS in the Product Details Page, triggered by manipulating the Product Name/Product Title in the file path /tmall/admin/. The issue concerns some unknown functionality of that admin path and is exploitable remotely; the expl...

6.1CVSS3.4AI score0.00274EPSS
Web
CVE
CVE
added 2025/03/03 1:0 a.m.59 views

CVE-2025-1843

CVE-2025-1843 affects Mini-Tmall up to 20250211. The issue lies in the file com/xq/tmall/dao/ProductMapper.java, in the select function where manipulating the argument orderBy enables an SQL injection. The vulnerability can be triggered remotely, and the exploit has been disclosed publicly. Multi...

9.8CVSS6.8AI score0.00501EPSS
CVE
CVE
added 2025/05/24 11:31 p.m.56 views

CVE-2025-5136

CVE-2025-5136 affects Tmall Demo up to 20250505 in the Payment Identifier Handler, specifically the file path /tmall/order/pay/. The root issue is insufficiently random values in the payment identifier, enabling remote attack; attack vector is NETWORK with HIGH complexity and NONE authentication....

6.3CVSS6.5AI score0.00462EPSS
CVE
CVE
added 2024/07/15 12:0 a.m.54 views

CVE-2024-40554

CVE-2024-40554 describes an access control issue in the Mini-Tmall/Tmall_demo v2024.07.03 where attackers can obtain sensitive information. The explicit affected component is the Tmall_demo application (version 2024.07.03); the underlying cause is identified as an access control flaw. The NVD ent...

7.5CVSS6.7AI score0.00369EPSS
CVE
CVE
added 2025/05/24 8:31 p.m.53 views

CVE-2025-5131

CVE-2025-5131 affects Tmall Demo (up to 20250505). The issue is in the uploadCategoryImage function (tmall/admin/uploadCategoryImage) where improper handling of the File argument enables unrestricted file upload. This vulnerability can be exploited remotely; the exploit has been disclosed publicl...

7.2CVSS4.8AI score0.00447EPSS
Web
CVE
CVE
added 2025/05/24 9:0 p.m.51 views

CVE-2025-5132

CVE-2025-5132 affects Tmall Demo up to 20250505, exposing a cross-site request forgery in the file tmall/admin/account/logout. The CSRF arises from misuse of this logout endpoint and can be triggered remotely; exploitation has been disclosed publicly. Affected/general details are not version-scop...

8.8CVSS6.4AI score0.00263EPSS
CVE
CVE
added 2024/07/15 12:0 a.m.50 views

CVE-2024-40555

CVE-2024-40555 affects Tmall_demo v2024.07.03 and is described in connected sources as an arbitrary file upload vulnerability. The available documents confirm the issue exists in that version but do not provide technical specifics about vulnerable components, exact root cause, vulnerable file han...

5.3CVSS7.6AI score0.00278EPSS
CVE
CVE
added 2024/07/15 12:0 a.m.50 views

CVE-2024-40560

CVE-2024-40560 affects Mini-Tmall (Spring Boot-based mini-Tmall mall). Vulnerability: SQL injection due to lack of validation of externally entered SQL statements in versions prior to 2024.07.03. Impact: potential exposure of sensitive database data. Mitigation: upgrade to Mini-Tmall v2024.07.03 ...

7.3CVSS8.3AI score0.00257EPSS
CVE
CVE
added 2025/05/24 8:0 p.m.49 views

CVE-2025-5130

CVE-2025-5130 affects Tmall Demo up to 20250505, specifically the uploadProductImage function in tmall/admin/uploadProductImage. The root cause is manipulation of the File argument enabling unrestricted image uploads, with remote exploitation possible and public disclosure of the exploit. Version...

7.2CVSS6.8AI score0.00387EPSS
Web
CVE
CVE
added 2025/05/24 9:31 p.m.49 views

CVE-2025-5133

CVE-2025-5133 concerns Tmall Demo up to 20250505, affecting the Search Box component. The vulnerability is a cross-site scripting (XSS) issue caused by a misbehavior of an unknown function in the Search Box, enabling remote exploitation. The exploit has been publicly disclosed; no affected versio...

6.1CVSS4.3AI score0.00356EPSS
CVE
CVE
added 2025/05/24 10:0 p.m.49 views

CVE-2025-5134

CVE-2025-5134 affects Tmall Demo up to 20250505, specifically the Buy Item Page’s Detailed Address parameter, enabling cross-site scripting. Exploitable remotely; exploit disclosed publicly. No version details or patch information provided in the sources; some reports suggest restricting the Deta...

6.1CVSS6.1AI score0.00265EPSS
CVE
CVE
added 2024/07/15 12:0 a.m.46 views

CVE-2024-40553

CVE-2024-40553 affects Tmall_demo v2024.07.03, where an arbitrary file upload is possible through the uploadUserHeadImage component. The incident is documented across Red Hat/NVD/CVE listings and third-party feeds. According to the initial metrics, the CVSS 3.1 vector indicates Network access, lo...

4.9CVSS7.6AI score0.00338EPSS