linlinjava litemall Improper Authorization Vulnerability in wx/comment/post Endpoint

Vulnerability

A vulnerability allowing improper authorization has been identified in linlinjava litemall version 1.8.0. The issue arises in the wx/comment/post endpoint, where the adminComment argument is not properly validated, enabling unauthorized users to manipulate comments as if they were administrators. This vulnerability can be exploited remotely and has been publicly disclosed, with known technical details and a proof-of-concept exploit available.
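The advisory does not show the affected code, so the following is an added example, not litemall's own code. It is a Python sketch that binds the comment body through an allow-list so a client-supplied adminComment never reaches storage, and flags logged posts that carried that field. The writable field names, the request-record layout and the sample data are assumptions constructed for illustration.

```python
import json

# Assumption: fields an ordinary user may set; names are illustrative,
# not taken from litemall's source.
CLIENT_WRITABLE = {"type", "valueId", "content", "star", "hasPicture", "picUrls"}
# Field named in the advisory; only admin-side code should ever set it.
PRIVILEGED = {"adminComment"}

def bind_comment(raw_body, user_id):
    """Build the stored record from an allow-list instead of binding the
    whole request body onto the comment object."""
    body = json.loads(raw_body)
    if not isinstance(body, dict):
        raise ValueError("comment body must be a JSON object")
    record = {k: v for k, v in body.items() if k in CLIENT_WRITABLE}
    record["userId"] = user_id  # from the authenticated session, never the body
    return record

def flag_privileged_posts(requests):
    """Return (entry_no, user_id, fields) for each comment post whose body
    carried a privileged field."""
    hits = []
    for n, req in enumerate(requests, 1):
        if req["method"] != "POST" or not req["path"].rstrip("/").endswith("wx/comment/post"):
            continue
        try:
            body = json.loads(req["body"])
        except ValueError:
            continue  # unparseable body: nothing to inspect
        found = sorted(PRIVILEGED.intersection(body)) if isinstance(body, dict) else []
        if found:
            hits.append((n, req["user_id"], found))
    return hits

# Constructed sample of logged requests (hypothetical record layout).
SAMPLE = [
    {"method": "POST", "path": "/wx/comment/post", "user_id": 17,
     "body": '{"type": 0, "valueId": 1001, "content": "Arrived quickly", "star": 5}'},
    {"method": "POST", "path": "/wx/comment/post", "user_id": 42,
     "body": '{"type": 0, "valueId": 1001, "content": "ok", "star": 5, "adminComment": "constructed text"}'},
    {"method": "GET", "path": "/wx/comment/list", "user_id": 42, "body": ""},
]

if __name__ == "__main__":
    print(flag_privileged_posts(SAMPLE))
    print(bind_comment(SAMPLE[1]["body"], 42))
```
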

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed, such as forging administrator comments. This could facilitate social engineering attacks by misleading users, promoting fake offers or scams, and disseminating malicious links or viruses.

Added: Jun 26, 2025, 4:39 PM
Updated: Jun 26, 2025, 4:39 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 0.6
exploitability: 6.8
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.