VYPR

Litemall

by Linlinjava

CVEs (13)

  • CVE-2024-46382 | High | Sep 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java.

  • CVE-2025-10291 | Medium | Sep 12, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has…

  • CVE-2025-8965 | Medium | Aug 14, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the…

  • CVE-2025-8764 | Medium | Aug 9, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit…

  • CVE-2025-8753 | Medium | Aug 9, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component File Handler. The manipulation of the argument key leads to path traversal. The…

  • CVE-2026-8773 | Medium | May 18, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation…

  • CVE-2026-8772 | Medium | May 18, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and…

  • CVE-2025-8991 | Medium | Aug 15, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemall_express_freight_min leads to…

  • CVE-2025-6702 | Medium | Jun 26, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack…

  • CVE-2025-8974 | Low | Aug 14, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the…

  • CVE-2024-6452 | Jul 2, 2024
    risk 0.00 | cvss | epss 0.00

    A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to SQL injection. The attack can be…

  • CVE-2024-24323 | Feb 27, 2024
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component.

  • CVE-2018-18434 | Oct 17, 2018
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component.