Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
linlinjava litemall JSON Web Token JwtHelper.java hard-coded credentials
Vulnerability Description
A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentials. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
litemall 安全漏洞
Vulnerability Description
litemall是linlinjava个人开发者的一个小商场系统。 litemall 1.8.0及之前版本存在安全漏洞,该漏洞源于对文件litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java中参数SECRET的错误操作导致硬编码凭证。
CVSS Information
N/A
Vulnerability Type
N/A