CVE-2023-4445

Name of the Vulnerable Software and Affected Versions Mini-Tmall versions up to 20230811

Description A critical issue has been found, affecting some unknown functionality of the file product/1/1?test=1&test2=2&, allowing for SQL injection through the manipulation of the orderBy argument. This issue can be exploited remotely.

Recommendations For Mini-Tmall versions up to 20230811, as a temporary workaround, consider restricting access to the orderBy argument in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.