Mini-Tmall
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30929 | Hig | 0.57 | 8.8 | 0.02 | Jul 6, 2022 | Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper. | ||
| CVE-2025-1843 | Med | 0.41 | 6.3 | 0.01 | Mar 3, 2025 | A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated… | ||
| CVE-2024-8568 | Med | 0.41 | 6.3 | 0.00 | Sep 8, 2024 | A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack… | ||
| CVE-2024-2074 | Med | 0.41 | 6.3 | 0.01 | Mar 1, 2024 | A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit… | ||
| CVE-2023-4445 | Med | 0.41 | 6.3 | 0.01 | Aug 21, 2023 | A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be… | ||
| CVE-2025-1817 | Low | 0.16 | 2.4 | 0.00 | Mar 2, 2025 | A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has… |
- risk 0.57cvss 8.8epss 0.02
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
- risk 0.41cvss 6.3epss 0.01
A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated…
- risk 0.41cvss 6.3epss 0.00
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack…
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit…
- risk 0.41cvss 6.3epss 0.01
A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be…
- risk 0.16cvss 2.4epss 0.00
A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has…