xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.

References

https://github.com/Exrick/xmall/issues/78
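
A sort direction is a SQL keyword, so it cannot be bound as a prepared-statement parameter and has to be allow-listed instead. The following is an added example of that mitigation, not code from xmall or from the referenced issue. Assumptions: orderDir carries a sort direction that ends up in an ORDER BY clause (the advisory does not show the affected code), and the class name `SortClause`, the `orderCol` key and the column names are hypothetical.

```java
import java.util.Locale;
import java.util.Map;

// Added example (not xmall code): build ORDER BY from constants only.
public class SortClause {

    // Hypothetical client-facing sort keys mapped to fixed column names.
    private static final Map<String, String> COLUMNS = Map.of(
            "id", "id",
            "price", "price",
            "created", "created");

    /** Maps the request value to the literal ASC or DESC; anything else is rejected. */
    static String direction(String orderDir) {
        if (orderDir == null) {
            return "ASC"; // default when the parameter is absent
        }
        switch (orderDir.trim().toLowerCase(Locale.ROOT)) {
            case "":
            case "asc":
                return "ASC";
            case "desc":
                return "DESC";
            default:
                throw new IllegalArgumentException("invalid sort direction");
        }
    }

    /** Returns an ORDER BY fragment that never contains request-supplied text. */
    static String orderBy(String orderCol, String orderDir) {
        // Map.of() maps throw on a null key, so check for null first.
        String column = (orderCol == null) ? null : COLUMNS.get(orderCol);
        if (column == null) {
            throw new IllegalArgumentException("invalid sort column");
        }
        return "ORDER BY " + column + " " + direction(orderDir);
    }

    public static void main(String[] args) {
        System.out.println(orderBy("price", "desc"));
        try {
            // Constructed non-allow-listed value: rejected before any SQL is built.
            orderBy("price", "desc, 1");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The fragment returned by `orderBy` is assembled only from string constants in the class, so it can be appended to a query whose other values are bound as parameters.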