CVE-2025-6702

MEDIUM

linlinjava litemall 1.8.0 - Incorrect Privilege Assignment via wx/comment/post adminComment Parameter

Title source: llm

Description

A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.313968

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.313968

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.597473

Exploit, Third Party Advisory exploit

https://ctf-n0el4kls.notion.site/Litemall-Mass-Assignment-Vulnerability-in-wx-comment-post-21441990f447808b86d1cb15e37ecae9?source=copy_link

Exploit, Third Party Advisory

https://ctf-n0el4kls.notion.site/Litemall-Mass-Assignment-Vulnerability-in-wx-comment-post-21441990f447808b86d1cb15e37ecae9

Scores

CVSS v3 4.3

EPSS 0.0032

EPSS Percentile 23.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285 CWE-863

Status published

Products (1)

linlinjava/litemall 1.8.0

Published Jun 26, 2025

Tracked Since Feb 18, 2026