A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Thu, 10 Jul 2025 01:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Linlinjava, Linlinjava litemall |
| Weaknesses | | CWE-863 |
| CPEs | | cpe:2.3:a:linlinjava:litemall:1.8.0:*:*:*:*:*:*:* |
| Vendors & Products | | Linlinjava, Linlinjava litemall |

Fri, 27 Jun 2025 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 26 Jun 2025 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Title | | linlinjava litemall post improper authorization |
| Weaknesses | | CWE-266, CWE-285 |
| References | | |
| Metrics | | cvssV2_0 {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0 {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-06-26T16:00:16.356Z

Updated: 2025-06-27T13:18:23.188Z

Reserved: 2025-06-26T08:22:14.118Z

Link: CVE-2025-6702

Vulnrichment

Updated: 2025-06-27T13:18:13.911Z

NVD

Status: Analyzed

Published: 2025-06-26T16:15:38.033

Modified: 2025-07-10T01:02:51.507

Link: CVE-2025-6702

Redhat

No data.