CNNVD-202511-1591 Information

Nov 13, 2025 cve

CNNVD ID

CNNVD-202511-1591

CVE-2025-13121

CNNVD Published: 2025-11-13

Description (Chinese)

Like Tea是cameasy开源的一个多门店茶饮小程序。 Like Tea 1.0.0版本存在SQL注入漏洞，该漏洞源于文件laravel/app/Http/Controllers/Front/StoreController.php中list函数对lng/lat参数处理不当，可能导致SQL注入攻击。

Description (English)

Like Tea is a multi-store tea-drink program at the start of the game. The Like Tea 1.0.0 version has an injection loophole in SQL, which stems from the inappropriate handling of the ng/lat parameters in the list function of the document Laravel/app/Http/Controllers/Front/StoreController.php, which could lead to an attack on SQL injection.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

cameasy

Published

2025-11-13

Last Modified

2026-02-24

References

https://vuldb.com/?id.332349 https://vuldb.com/?submit.683659 https://github.com/ictrun/liketea-sql-injection/blob/main/README.md https://github.com/ictrun/liketea-sql-injection/blob/main/README.md#proof-of-concept https://vuldb.com/?ctiid.332349 https://access.redhat.com/security/cve/cve-2025-13121

Share on: