CVE-2026-8771
Published 2026-05-18
CVE-2026-8771: A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file…
Priority P3 · 48 · high · 7.3 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:L
EPSS: 0.26% (17.2th percentile)
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linlinjava | litemall | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| nvd | v4.0 | 5.5 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
GHSA
org.linlinjava:litemall-wx-api has an Injection issue
ghsa·2026-05-18
CVE-2026-8771 [MEDIUM] CWE-74 org.linlinjava:litemall-wx-api has an Injection issue
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
GHSA
GHSA-cvwm-vwhp-22jx: A security flaw has been discovered in linlinjava litemall up to 1
ghsa_unreviewed·2026-05-18
CVE-2026-8771 [MEDIUM] CWE-74 GHSA-cvwm-vwhp-22jx: A security flaw has been discovered in linlinjava litemall up to 1
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
VulDB
linlinjava litemall up to 1.8.0 Front-end WeChat API WxGoodsController.java list sql injection
vuldb·2026-05-17·CVSS 5.5
CVE-2026-8771 [MEDIUM] linlinjava litemall up to 1.8.0 Front-end WeChat API WxGoodsController.java list sql injection
A vulnerability has been found in linlinjava litemall up to 1.8.0 and classified as critical. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection.
This vulnerability is known as CVE-2026-8771. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-18