Newbee-mall Project / Newbee-mall

10 matches found

CVE, added 2022/04/10 9:15 p.m., 65 views

CVE-2022-27477

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.

CVSS 9.8, AI score 9.5, EPSS 0.00344

CVE, added 2019/11/18 5:15 p.m., 64 views

CVE-2019-19113

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.

CVSS 9.8, AI score 9.6, EPSS 0.00642

CVE, added 2022/04/10 9:15 p.m., 59 views

CVE-2022-27476

A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.

CVSS 6.1, AI score 5.8, EPSS 0.00212

CVE, added 2025/02/07 11:15 p.m., 50 views

CVE-2025-1114

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely...

CVSS 5.4, AI score 6.2, EPSS 0.00042

CVE, added 2025/05/05 3:15 a.m., 48 views

CVE-2025-4259

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched rem...

CVSS 6.5, AI score 6.4, EPSS 0.0005

CVE, added 2021/01/26 6:15 p.m., 35 views

CVE-2020-23447

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. A user only needs to enter an XSS payload in their address information when buying goods; the payload is triggered when the "View Recipient Information" of this order is viewed in "Order Management Office".

CVSS 6.1, AI score 5.9, EPSS 0.0024

CVE, added 2024/10/28 8:15 p.m., 35 views

CVE-2024-48178

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.

CVSS 8.1, AI score 7.2, EPSS 0.00088

CVE, added 2023/05/04 9:15 p.m., 33 views

CVE-2023-30216

Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allow attackers to obtain user account information.

CVSS 5.4, AI score 5.4, EPSS 0.0005

CVE, added 2021/01/26 6:15 p.m., 32 views

CVE-2020-23449

All versions of newbee-mall are affected by incorrect access control that allows privileges to be gained remotely through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user's information through the userID.

CVSS 7.5, AI score 7.5, EPSS 0.00206

CVE, added 2021/01/26 6:15 p.m., 28 views

CVE-2020-23448

All versions of newbee-mall are affected by incorrect access control that allows privileges to be gained remotely through AdminLoginInterceptor.java. The authentication logic for the system's /admin back end is in AdminLoginInterceptor, which can be bypassed.

CVSS 9.8, AI score 9.6, EPSS 0.00398