CVE-2024-6452

Summary

A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235.

Affected Software

VendorProductVersion RangeStatus
linlinjavalitemall1.0affected
linlinjavalitemall1.1affected
linlinjavalitemall1.2affected
linlinjavalitemall1.3affected
linlinjavalitemall1.4affected
linlinjavalitemall1.5affected
linlinjavalitemall1.6affected
linlinjavalitemall1.7affected
linlinjavalitemall1.8affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References