A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://github.com/zyhzheng500-maker/cve/blob/main/javamall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.339481 | Permissions Required VDB Entry |
| https://vuldb.com/?id.339481 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.721997 | Third Party Advisory VDB Entry |
Configurations
History
08 Mar 2026, 01:47
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/zyhzheng500-maker/cve/blob/main/javamall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.339481 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.339481 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.721997 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:cld378632668:javamall:1.0.0:*:*:*:*:*:*:* | |
| First Time |
Cld378632668
Cld378632668 javamall |
05 Jan 2026, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-05 01:15
Updated : 2026-03-08 01:47
NVD link : CVE-2025-15448
Mitre link : CVE-2025-15448
CVE.ORG link : CVE-2025-15448
JSON object : View
Products Affected
cld378632668
- javamall