PT-2025-37288 · Linlinjava · Litemall

Aibot888 · Published 2025-09-12 · Updated 2025-09-12 · CVE-2025-10291

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0
Description: A weakness exists in linlinjava litemall up to version 1.8.0. The issue affects the WxAftersaleController function within the /wx/aftersale/cancel file. Manipulation of the ID argument can lead to improper authorization. This issue can be exploited remotely. The exploit has been made publicly available. The vendor was contacted but did not respond.
Recommendations: Versions prior to 1.8.0 should be used. As a temporary workaround, restrict access to the /wx/aftersale/cancel file to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Improper Authorization, Incorrect Privilege Assignment

Related Identifiers: CVE-2025-10291

Affected Products: Litemall