SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component.
References
| Link | Resource |
|---|---|
| https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md | Exploit Third Party Advisory |
| https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md | Exploit Third Party Advisory |
Configurations
History
15 Sep 2025, 17:09
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md - Exploit, Third Party Advisory | |
| First Time |
Linlinjava
Linlinjava litemall |
|
| CPE | cpe:2.3:a:linlinjava:litemall:*:*:*:*:*:*:*:* |
21 Nov 2024, 08:59
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md - |
28 Aug 2024, 16:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-89 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
28 Feb 2024, 14:06
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
27 Feb 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-27 17:15
Updated : 2025-09-15 17:09
NVD link : CVE-2024-24323
Mitre link : CVE-2024-24323
CVE.ORG link : CVE-2024-24323
JSON object : View
Products Affected
linlinjava
- litemall
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')