CVE-2020-23448

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0970%

EPSS Percentile27.16th

PublishedJan 26, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.

Affected Platforms (CPE)

📦

Newbee Mall Project

Newbee Mall

All versions

References & Advisories

🔗 https://github.com/newbee-ltd/newbee-mall/issues/34

Related Vulnerabilities

CVE-2019-191139.8

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyw...

CVE-2020-234497.5

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigService...

CVE-2020-234476.1

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address inf...

CVE-2020-941110.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...