A security vulnerability has been detected in linlinjava litemall up to 1.8.0
A vulnerability has been detected in the Database Setting Handler of linlinjava litemall up to version 1.8.0, allowing an attacker to inject arguments and potentially gain unauthorized access to the database. The vulnerability can be exploited remotely. This issue is related to the backup/load function in the DbUtil.java file.
A security vulnerability has been detected in linlinjava litemall up to 1.8.0. It affects the function backup/load in the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. Manipulation of the argument db/password leads to argument injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Developers and users of linlinjava litemall up to version 1.8.0 are at risk of argument injection attacks, which can lead to moderate severity consequences.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L