Berna

**Name of the Vulnerable Software and Affected Versions** linlinjava litemall versions prior to 1.8.1 **Description** An argument injection issue exists in the Database Setting Handler component. The `backup/load` function within the file `litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java` is susceptible to remote attacks via the manipulation of the `db/password` argument. **Recommendations** Update to a version later than 1.8.0. As a temporary workaround, restrict access to the `backup/load` function in the `DbUtil.java` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** linlinjava litemall versions prior to 1.8.1 **Description** A SQL injection flaw exists in the Front-end WeChat API component. The issue is located in the `list()` function within the file `litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java`. This flaw allows remote attackers to perform manipulations that result in unauthorized SQL command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `list()` function in the `WxGoodsController.java` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** linlinjava litemall versions prior to 1.8.0 **Description** A weakness in the Admin Endpoint component allows for remote SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue affects multiple endpoints within the component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.