CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-19113

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1540%
EPSS Percentile44.12th
Published2019年11月18日
Last Modified2024年11月21日

Vulnerability Description

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.

Affected Platforms (CPE)

📦
Newbee Mall Project

Newbee Mall

< 2019-10-23

References & Advisories

🔗 https://github.com/newbee-ltd/newbee-mall/issues/1
🔗 https://github.com/newbee-ltd/newbee-mall/issues/1

関連する脆弱性情報

CVE-2020-234489.8

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. ...

CVE-2020-234497.5

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigService...

CVE-2020-234476.1

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address inf...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...