Filtered by vendor Newbee-mall Project
Subscriptions
Filtered by product Newbee-mall
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-30216 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 5.4 Medium |
Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. | ||||
CVE-2022-27477 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 9.8 Critical |
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | ||||
CVE-2022-27476 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter. | ||||
CVE-2020-23449 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 High |
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID. | ||||
CVE-2020-23448 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 9.8 Critical |
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed. | ||||
CVE-2020-23447 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 6.1 Medium |
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office". | ||||
CVE-2019-19113 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 9.8 Critical |
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. | ||||
CVE-2024-48178 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-10-30 | 8.1 High |
newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter. |
Page 1 of 1.