Vulnerabilities for 'Newbee-mall'

2021-01-26
 
CVE-2020-23449

CWE-863
 

 
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

 
 
CVE-2020-23448

CWE-287
 

 
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic for the system's /admin back end is implemented in AdminLoginInterceptor, which can be bypassed.

 
 
CVE-2020-23447

CWE-79
 

 
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write an XSS payload in their address information when buying goods; it is triggered when the "View Recipient Information" of this order is viewed in the "Order Management Office".

 
2019-11-18
 
CVE-2019-19113

CWE-89
 

 
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.

 


Copyright 2021, cxsecurity.com

 
