Vulnerabilities for 'Newbee-mall'

2022-04-10
 
CVE-2022-27477

CWE-434
 

 
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload vulnerability via the Upload function at /admin/goods/edit.

 
2021-01-26
 
CVE-2020-23449

CWE-863
 

 
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

 
 
CVE-2020-23448

CWE-287
 

 
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.

 
 
CVE-2020-23447

CWE-79
 

 
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write an XSS payload in their address information when buying goods; it is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".

 
2019-11-18
 
CVE-2019-19113

CWE-89
 

 
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows SQL injection via search?goodsCategoryId=&keyword=.

 


Copyright 2024, cxsecurity.com

 
