Tmac

SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, name parameters of the AdminGoodscontroller.java component. 1.Steps to reproduce (复现步骤) 访问商品管理，点击查询，抓取数据包...

SQL injection vulnerability in Hitout litemall v.1.0 allows a remote attacker to obtain sensitive information via the orderBy parameters of the OrderController.java component. 1.Steps to reproduce (复现步骤) 访问销售管理，进行查询，获取数据包 `GET /order/getList?page=1&limit=5&orderId=190514000006&customerName=%E9%9F%A9%E7%86%99%E6%9D%B0&employeeName=%E5%BC%A0%E6%99%93%E5%85%B0&orderBy=createTime+asc...