Submit #683659: liketea 1.0.0 SQL Injection

Title: liketea 1.0.0 SQL Injection
Description: Liketea is an open-source multi-store tea beverage mini program (chain store version). A critical SQL injection vulnerability exists in the store listing API endpoint that allows unauthenticated attackers to execute arbitrary SQL commands. User-supplied latitude and longitude parameters are directly concatenated into a raw SQL query without sanitization or parameterization.
Source: https://github.com/ictrun/liketea-sql-injection/blob/main/README.md
User: ictrun (UID 83482)
Submission: 10/28/2025 00:03 (6 months ago)
Moderation: 11/13/2025 13:05 (17 days later)
Status: Accepted
VulDB entry: 332349 [cameasy Liketea 1.0.0 API Endpoint StoreController.php list lng/lat sql injection]
Points: 18
