
Linlinjava Litemall vulnerabilities

14 known vulnerabilities affecting linlinjava/litemall.

Total CVEs: 14
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 6

Vulnerabilities

CVE-2025-8965 | P2 | HIGH | CVSS 8.8 | ≤ 1.8.0, v1.0, +8 more | 2025-08-14
CWE-284: A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. T
nvd
CVE-2025-8974 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.8.0, v1.0, +8 more | 2025-08-14
CWE-259: A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentia
nvd
CVE-2025-10291 | P3 | HIGH | CVSS 8.8 | ≤ 1.8.0, v1.0, +8 more | 2025-09-12
CWE-266: A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was
nvd
CVE-2024-6452 | P3 | HIGH | CVSS 8.8 | ≤ 1.8.0, v1.0, +8 more | 2024-07-02
CWE-89: A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be us
nvd
CVE-2026-8771 | P3 | HIGH | CVSS 7.3 | v1.0, v1.1, +7 more | 2026-05-18
CWE-74: A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has bee
nvd
CVE-2024-46382 | P3 | HIGH | CVSS 7.5 | v1.8.0 | 2024-09-19
CWE-89: A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java.
nvd
CVE-2018-18434 | P3 | HIGH | CVSS 7.5 | v0.9.0 | 2018-10-17
CWE-22: An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component.
nvd
CVE-2024-24323 | P3 | HIGH | CVSS 7.2 | ≤ 1.8.0 | 2024-02-27
CWE-89: SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component.
nvd
CVE-2025-8753 | P3 | MEDIUM | CVSS 5.4 | ≤ 1.8.0, v1.0, +8 more | 2025-08-09
CWE-22: A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component File Handler. The manipulation of the argument key leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the publ
nvd
CVE-2025-8764 | P3 | MEDIUM | CVSS 5.4 | ≤ 1.8.0, v1.0, +8 more | 2025-08-09
CWE-284: A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-6702 | P4 | MEDIUM | CVSS 5.3 | v1.8.0 | 2025-06-26
CWE-266: A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor
nvd
CVE-2026-8773 | P4 | MEDIUM | CVSS 4.7 | v1.0, v1.1, +7 more | 2026-05-18
CWE-74: A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument db/password leads to argument injection. The attack is pos
nvd
CVE-2026-8772 | P4 | MEDIUM | CVSS 4.7 | v1.0, v1.1, +7 more | 2026-05-18
CWE-74: A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Multiple endpoints are affected. The vendor was cont
nvd
CVE-2025-8991 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.8.0, v1.0, +8 more | 2025-08-15
CWE-840: A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemall_express_freight_min leads to business logic errors. The attack can be launched remotely. The exploit has been
nvd