A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Mon, 16 Sep 2024 13:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Project Team; Project Team tmall Demo
CPEs                 (none)           cpe:2.3:a:project_team:tmall_demo:*:*:*:*:*:*:*:*
Vendors & Products   (none)           Project Team; Project Team tmall Demo

Mon, 09 Sep 2024 15:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Mini; Mini mini-tmall
CPEs                 (none)           cpe:2.3:a:mini:mini-tmall:*:*:*:*:*:*:*:*
Vendors & Products   (none)           Mini; Mini mini-tmall
Metrics              (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 08 Sep 2024 02:45:00 +0000

Type          Values Removed   Values Added
Description   (none)           A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title         (none)           Mini-Tmall 1 rewardMapper.select sql injection
Weaknesses    (none)           CWE-89
References    (none)
Metrics       (none)           cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}
                               cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}
                               cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}
                               cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED
Assigner: VulDB
Published: 2024-09-08T02:31:13.759Z
Updated: 2024-09-09T14:40:52.935Z
Reserved: 2024-09-07T06:25:02.420Z
Link: CVE-2024-8568

Vulnrichment

Updated: 2024-09-09T14:40:47.048Z

NVD

Status: Analyzed
Published: 2024-09-08T03:15:01.833
Modified: 2024-09-16T13:22:31.087
Link: CVE-2024-8568

Redhat

No data.