CVE-2018-18434

Name of the Vulnerable Software and Affected Versions litemall version 0.9.0

Description An issue in the litemall-wx-api component allows for arbitrary file download via directory traversal. This is possible due to the ../ directory traversal vulnerability in the WxStorageController.java file.

Recommendations For litemall version 0.9.0, consider restricting access to the WxStorageController.java file or the affected API endpoint until a patch is available. As a temporary workaround, review and limit the usage of directory traversal in the linlinjava/litemall/wx/web/WxStorageController.java file to minimize the risk of exploitation.