Newbee-mall@* Security Vulnerabilities and Issues — Newbee-mall@* CVE List

Lucene search

Newbee-mall ProjectNewbee-mall*

4 matches found

CVE•added 2019/11/18 5:15 p.m.•64 views

CVE-2019-19113

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.

9.8CVSS9.6AI score0.00642EPSS

CVE•added 2023/05/04 9:15 p.m.•33 views

CVE-2023-30216

Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information.

5.4CVSS5.4AI score0.0005EPSS

CVE•added 2021/01/26 6:15 p.m.•32 views

CVE-2020-23449

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

7.5CVSS7.5AI score0.00206EPSS

CVE•added 2021/01/26 6:15 p.m.•28 views

CVE-2020-23448

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.

9.8CVSS9.6AI score0.00398EPSS