PT-2024-20358 · Linlinjava · Litemall

Published: 2024-02-27 · Updated: 2025-09-15 · CVE-2024-24323

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: linlinjava litemall version 1.8.0

Description: The issue allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component. This is a SQL injection vulnerability, which means an attacker can inject malicious SQL code to manipulate the database and extract sensitive data.

Recommendations: For linlinjava litemall version 1.8.0, consider restricting access to the vulnerable AdminOrdercontroller.java component until a patch is available. As a temporary workaround, avoid using the nickname, consignee, orderSN, orderStatusArray parameters in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-24323

Affected Products: Litemall