Linlinjava Litemall
By the Year
In 2026 there have been 3 vulnerabilities in Linlinjava Litemall with an average score of 5.6 out of ten. Last year, in 2025, Litemall had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2026 than last year, and the average CVE base score of the vulnerabilities in 2026 is greater by 0.27.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 5.57 |
| 2025 | 1 | 5.30 |
| 2024 | 1 | 6.50 |
It may take a day or so for new Litemall vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Linlinjava Litemall Security Vulnerabilities
DB Arg Injection in litemall (1.8.0) DbUtil.java (Database Setting Handler)
CVE-2026-8773
4.7 - Medium
- May 18, 2026
A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument db/password leads to argument injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Argument Injection
SQLi in linlinjava litemall Admin Endpoint < 1.8.0
CVE-2026-8772
4.7 - Medium
- May 17, 2026
A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
SQL Injection
Remote SQLi in linlinjava litemall 1.8.0 Wx API WxGoodsController
CVE-2026-8771
7.3 - High
- May 17, 2026
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
SQL Injection
Linlinjava Litemall 1.8.0 Improper Auth via AdminComment
CVE-2025-6702
5.3 - Medium
- June 26, 2025
A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AuthZ
CVE-2024-46382: SQLi in litemall 1.8.0 AdminGoodscontroller.java
CVE-2024-46382
6.5 - Medium
- September 19, 2024
A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java.
SQL Injection