A path traversal vulnerability exists in the Linlinjava Litemall's File Handler component, specifically in the delete function of the /admin/storage/delete file. This flaw allows an attacker to manipulate the input argument 'key,' leading to unauthorized file access and potential deletion of sensitive files. The vulnerability can be exploited remotely, making it a significant risk for users running affected versions of the product. Publicly disclosed exploits may enable malicious actors to leverage this weakness with relative ease.
https://securityvulnerability.io/vulner ... -2025-8753