CyberSec.Space Logo
Back to CVE Browser

CVE-2019-19113

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1540%
EPSS Percentile44.12th
PublishedNov 18, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.

Affected Platforms (CPE)

📦
Newbee Mall Project

Newbee Mall

< 2019-10-23

References & Advisories

🔗 https://github.com/newbee-ltd/newbee-mall/issues/1
🔗 https://github.com/newbee-ltd/newbee-mall/issues/1

Related Vulnerabilities

CVE-2020-234489.8

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. ...

CVE-2020-234497.5

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigService...

CVE-2020-234476.1

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address inf...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...