CVE-2024-6452 | linlinjava litemall up to 1.8.0 AdminGoodscontroller.java goodsId/goodsSn/name sql injection (Issue 548)

Inserito da Angelo Barbosa | Lug 2, 2024 | CVE

A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection.

This vulnerability is known as CVE-2024-6452. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-6452 | linlinjava litemall up to 1.8.0 AdminGoodscontroller.java goodsId/goodsSn/name sql injection (Issue 548)

Post correlati

VDB-253530 | Google Cloud Projects IAM API projects.serviceAccounts.list pageToken information disclosure

CVE-2024-27130 | QNAP QTS/QuTS hero buffer overflow (qsa-24-23)

CVE-2024-20286 | Cisco NX-OS up to 10.2(1q) Python Interpreter protection mechanism (cisco-sa-nxos-psbe-ce-YvbTn5du)

CVE-2024-7469 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 3.90 Web Interface list_vpn_web_custom.php sslvpn_config_mod template/stylenum os command injection