Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:mini-tmall:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductMini Tmall (e5888f0e-9088-5141-b390-5b1918c1d156)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-1843 vulnerable 2026-06-08 07:08:38.329171 Mini-Tmall ProductMapper.java select sql injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-03-03T01:00:09.082Z
Updated: 2025-03-03T17:40:09.979Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-1817 vulnerable 2026-06-08 07:08:38.210763 Mini-Tmall Admin Name admin cross site scripting
LOW (2.4)
A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-03-02T14:31:04.431Z
Updated: 2025-03-03T21:28:06.320Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8568 vulnerable 2026-06-08 07:00:24.965333 Mini-Tmall 1 rewardMapper.select sql injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-09-08T02:31:13.759Z
Updated: 2024-09-09T14:40:52.935Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2074 vulnerable 2026-06-08 06:33:30.293957 Mini-Tmall 1 sql injection
MEDIUM (6.3)
A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability.
Published: 2024-03-01T17:31:03.696Z
Updated: 2024-08-12T15:37:18.685Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4445 vulnerable 2026-06-08 06:16:12.375758 Mini-Tmall sql injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237566 is the identifier assigned to this vulnerability.
Published: 2023-08-21T01:00:08.120Z
Updated: 2024-08-02T07:24:04.695Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.