CVE Details
Basic Information
| Title | linlinjava litemall post improper authorization |
|---|---|
| Type | cve |
| Published | 2025-06-26T16:00:16.356Z |
| Last Seen |
Product Information
| Vendor | linlinjava |
|---|---|
| Product | litemall |
| Version | 1.8.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A vulnerability in linlinjava litemall 1.8.0 allows unauthorized access due to improper authorization checks in the comment posting feature, exploitable remotely. |
|---|---|
| AI Severity | Medium |
| Vendor | linlinjava |
| Product | litemall |
| Affected Version | 1.8.0 |
Affected Products
- linlinjava litemall 1.8.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-285, CWE-266 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.