CVE-2025-8991

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0

Description: A vulnerability was identified in linlinjava litemall. The issue affects an unknown functionality within the /admin/config/express file of the Business Logic Handler component. Manipulation of the litemall express freight min argument leads to business logic errors. The attack can be launched remotely, and the exploit has been publicly disclosed.

Recommendations: Versions prior to 1.8.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.