CVE-2025-10291 | linlinjava litemall up to 1.8.0 /wx/aftersale/cancel WxAftersaleController ID improper authorization
A vulnerability categorized as critical has been discovered in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Manipulation of the argument ID can lead to improper authorization.
This vulnerability is handled as CVE-2025-10291. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.