CVE-2025-1843 | Mini-Tmall up to 20250211 ProductMapper.java select orderBy sql injection

Inserito da Angelo Barbosa | Mar 2, 2025 | CVE

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection.

The identification of this vulnerability is CVE-2025-1843. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1843 | Mini-Tmall up to 20250211 ProductMapper.java select orderBy sql injection

Post correlati

CVE-2023-49749 | SureTriggers Plugin up to 1.0.23 on WordPress cross-site request forgery

CVE-2024-5121 | SourceCodester Event Registration System 1.0 e cross site scripting

CVE-2022-32753 | IBM Security Verify Directory 10.0.0 inadequate encryption (XFDB-228444)

CVE-2024-9092 | SourceCodester Profile Registration without Reload Refresh 1.0 Registration Form add.php full_name cross site scripting