CVE-2020-23449

HIGH

7.5

CVSS Severity Score

EPSS Score0.1720%

EPSS Percentile25.38th

PublishedJan 26, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

Affected Platforms (CPE)

📦

Newbee Mall Project

Newbee Mall

All versions

References & Advisories

🔗 https://github.com/newbee-ltd/newbee-mall/issues/35

Related Vulnerabilities

CVE-2019-191139.8

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyw...

CVE-2020-234489.8

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. ...

CVE-2020-234476.1

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address inf...

CVE-2020-676910.0

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker ...