ez-lbz issues

Results 22 issues of


                                            ez-lbz

WuKongCRM v11.0 Fastjson JDBC Deserialization Vulnerability (CWE-502)

# WuKongCRM v11.0 Fastjson JDBC Deserialization Vulnerability (CWE-502) ### Summary WuKongCRM v11.0 is vulnerable to a **Fastjson JDBC deserialization vulnerability** due to the continued use of **Fastjson version 1.2.58**. A...

System Path Disclosure Vulnerability in /adminFile/upload (CWE-209)

# System Path Disclosure Vulnerability in `/adminFile/upload` (CWE-209) ### Summary A **system path disclosure vulnerability** exists in the `/adminFile/upload` endpoint. The application’s DTO (Data Transfer Object) layer is improperly configured,...

Authentication Bypass Vulnerability in Nacos 1.2.1 (CWE-346)

# Authentication Bypass Vulnerability in Nacos 1.2.1 (CVE-2021-29441) ### Summary A **high-risk authentication bypass vulnerability** exists in **Nacos version 1.2.1**, which is the **default version used by the target project**....

aaa

Guessable CAPTCHA in /common/mall/kaptcha of newbee-mall (CWE-804)

## Guessable CAPTCHA in /common/mall/kaptcha of newbee-mall (CWE-804) ### Summary In newbee-mall, the CAPTCHA mechanism relies on the client explicitly requesting `/common/mall/kaptcha` to obtain a code. The CAPTCHA is reset...

Critical Payment Vulnerability (IDOR) in /paySuccess of newbee-mall

## Critical Payment Vulnerability (IDOR) in /paySuccess of newbee-mall ### Summary In newbee-mall, the `/paySuccess` endpoint contains a critical payment vulnerability. This endpoint directly updates the order status in the...

PDF XSS Vulnerability in /upload/files of newbee-mall

## PDF XSS Vulnerability in /upload/files of newbee-mall ### Summary In newbee-mall, the `/upload/files` endpoint is vulnerable to PDF-based cross-site scripting (XSS). This vulnerability is similar to CVE-2025-4259, which arises...

Hardcoded JWT Secret Vulnerability in Litemall (≤ v1.8.0) (CWE-798)

# Hardcoded JWT Secret Vulnerability in Litemall (≤ v1.8.0) (CWE-798) ## Summary A hardcoded JWT secret vulnerability exists in **Litemall versions ≤ 1.8.0**. The issue is located in: ``` litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java...

Stored XSS Vulnerability in /wx/storage/upload (Litemall ≤ v1.8.0)

# Stored XSS Vulnerability in `/wx/storage/upload` (Litemall ≤ v1.8.0) ### Summary A **stored cross-site scripting (XSS)** vulnerability exists in **Litemall versions ≤ 1.8.0** at the `/wx/storage/upload` endpoint. The application does...

Arbitrary File Deletion Vulnerability in /admin/storage/delete

# Arbitrary File Deletion Vulnerability in `/admin/storage/delete` ### Summary An arbitrary file deletion vulnerability exists in the **Litemall** system at the `/admin/storage/delete` endpoint. Due to insufficient validation of user-provided input,...