CVE-2025-8764

Source
https://cve.org/CVERecord?id=CVE-2025-8764
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8764.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8764
Published
2025-08-09T18:32:06.025Z
Modified
2026-07-08T08:12:21.062567638Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
linlinjava litemall upload unrestricted upload
Details

A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/8xxx/CVE-2025-8764.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-284",
        "CWE-434"
    ]
}
References

Affected packages

Git / github.com/linlinjava/litemall

Affected ranges

Type
GIT
Repo
https://github.com/linlinjava/litemall
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:linlinjava:litemall:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.0"
        },
        {
            "last_affected": "1.0"
        },
        {
            "introduced": "1.1"
        },
        {
            "last_affected": "1.1"
        },
        {
            "introduced": "1.2"
        },
        {
            "last_affected": "1.2"
        },
        {
            "introduced": "1.3"
        },
        {
            "last_affected": "1.3"
        },
        {
            "introduced": "1.4"
        },
        {
            "last_affected": "1.4"
        },
        {
            "introduced": "1.5"
        },
        {
            "last_affected": "1.5"
        },
        {
            "introduced": "1.6"
        },
        {
            "last_affected": "1.6"
        },
        {
            "introduced": "1.7"
        },
        {
            "last_affected": "1.7"
        },
        {
            "introduced": "1.8.0"
        },
        {
            "last_affected": "1.8.0"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

1.*
1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8.0
v1.*
v1.0.0
v1.1.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.6.1
v1.7.0
v1.8.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8764.json"