CVE-2024-46382

Name of the Vulnerable Software and Affected Versions linlinjava litemall version 1.8.0

Description A SQL injection issue allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java. This could potentially lead to unauthenticated remote code execution. It is recommended to review code for similar vulnerabilities and audit logs for signs of exploitation.

Recommendations For linlinjava litemall version 1.8.0, consider disabling the AdminGoodscontroller.java function temporarily until a patch is available. Restrict access to the vulnerable parameters goodsId, goodsSn, and name to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.