Yuzi

**Name of the Vulnerable Software and Affected Versions** Mini-Tmall versions up to 20231017 **Description** A critical issue affects the processing of the file at the endpoint "?r=tmall/admin/user/1/1". The manipulation of the `orderBy` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For Mini-Tmall versions up to 20231017, as a temporary workaround, consider restricting access to the endpoint "?r=tmall/admin/user/1/1" to minimize the risk of exploitation. Avoid using the `orderBy` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.