Description
A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
The issue concerns the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. Manipulating the argument File with unknown data can be used to exploit an unrestricted upload vulnerability. The attack can be carried out over the network. The exploit is publicly available.
Problem types
Product status
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8.0
Timeline
2025-08-13: Advisory disclosed
2025-08-13: VulDB entry created
2025-08-13: VulDB entry last update
Credits
ZAST.AI (VulDB User)
References
vuldb.com/?id.319960 (VDB-319960 | linlinjava litemall Endpoint AdminStorageController.java create unrestricted upload)
vuldb.com/?ctiid.319960 (VDB-319960 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.628098 (Submit #628098 | linlinjava https://github.com/linlinjava/litemall <=1.8.0 Unrestricted Upload of File with Dangerous Type (CWE-434))
github.com/linlinjava/litemall/issues/565