Mini Tmall
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:mini-tmall:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Mini Tmall (e5888f0e-9088-5141-b390-5b1918c1d156) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-1843 |
vulnerable | 2026-06-08 07:08:38.329171 |
Mini-Tmall ProductMapper.java select sql injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-03-03T01:00:09.082Z
Updated: 2025-03-03T17:40:09.979Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-1817 |
vulnerable | 2026-06-08 07:08:38.210763 |
Mini-Tmall Admin Name admin cross site scripting
LOW (2.4)
A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-03-02T14:31:04.431Z
Updated: 2025-03-03T21:28:06.320Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8568 |
vulnerable | 2026-06-08 07:00:24.965333 |
Mini-Tmall 1 rewardMapper.select sql injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-09-08T02:31:13.759Z
Updated: 2024-09-09T14:40:52.935Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2074 |
vulnerable | 2026-06-08 06:33:30.293957 |
Mini-Tmall 1 sql injection
MEDIUM (6.3)
A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability.
Published: 2024-03-01T17:31:03.696Z
Updated: 2024-08-12T15:37:18.685Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4445 |
vulnerable | 2026-06-08 06:16:12.375758 |
Mini-Tmall sql injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237566 is the identifier assigned to this vulnerability.
Published: 2023-08-21T01:00:08.120Z
Updated: 2024-08-02T07:24:04.695Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.