CVE-2024-6452
published 2024-07-02CVE-2024-6452: A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file…
PriorityP353high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.47%
37.5th percentile
A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linlinjava | litemall | <= 1.8.0 | — |
| linlinjava | litemall | — | — |
| linlinjava | litemall | — | — |
| linlinjava | litemall | — | — |
| linlinjava | litemall | — | — |
| linlinjava | litemall | — | — |
| linlinjava | litemall | — | — |
| linlinjava | litemall | — | — |
| linlinjava | litemall | — | — |
| linlinjava | litemall | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
cisa9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x4qp-j8r7-f2wx: A vulnerability classified as critical was found in linlinjava litemall up to 1
ghsa_unreviewed·2024-07-02
CVE-2024-6452 [MEDIUM] CWE-89 GHSA-x4qp-j8r7-f2wx: A vulnerability classified as critical was found in linlinjava litemall up to 1
A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235.
CISA
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
cisa·2024-07-29·CVSS 9.8
CVE-2023-45249 [CRITICAL] CWE-1393 Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
Vulnerability: Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
Affected: Acronis Cyber Infrastructure (ACI)
Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://security-advisory.acronis.com/advisories/SEC-6452; https://nvd.nist.gov/vuln/detail/CVE-2023-45249
Remediation Due Date: 2024-08-19
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-07-02
Published