CVE-2024-24323

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-24323
SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md Exploit Third Party Advisory
https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:linlinjava:litemall:*:*:*:*:*:*:*:*
History

15 Sep 2025, 17:09

Type Values Removed Values Added
References () https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md - () https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md - Exploit, Third Party Advisory
CPE cpe:2.3:a:linlinjava:litemall:*:*:*:*:*:*:*:*
First Time Linlinjava litemall
Linlinjava

21 Nov 2024, 08:59

Type Values Removed Values Added
References () https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md - () https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md -

28 Aug 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.2
CWE CWE-89

28 Feb 2024, 14:06

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de inyección SQL en linlinjava litemall v.1.8.0 permite a un atacante remoto obtener información confidencial a través de los parámetros apodo, consignatario, orderSN, orderStatusArray del componente AdminOrdercontroller.java.

27 Feb 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-27 17:15

Updated : 2025-09-15 17:09

NVD link : CVE-2024-24323

Mitre link : CVE-2024-24323

CVE.ORG link : CVE-2024-24323

JSON object : View

Products Affected

linlinjava

  • litemall
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')