CVE-2020-23448

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0970%

EPSS Percentile27.16th

Published2021年1月26日

Last Modified2024年11月21日

Vulnerability Description

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.

Affected Platforms (CPE)

📦

Newbee Mall Project

Newbee Mall

All versions

References & Advisories

🔗 https://github.com/newbee-ltd/newbee-mall/issues/34

相關漏洞威脅

CVE-2019-191139.8

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyw...

CVE-2020-234497.5

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigService...

CVE-2020-234476.1

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address inf...

CVE-2020-195310.0

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes i...