CVE-2020-23449

HIGH

7.5

CVSS Severity Score

EPSS Score0.1720%

EPSS Percentile25.38th

Published2021年1月26日

Last Modified2024年11月21日

Vulnerability Description

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

Affected Platforms (CPE)

📦

Newbee Mall Project

Newbee Mall

All versions

References & Advisories

🔗 https://github.com/newbee-ltd/newbee-mall/issues/35

相關漏洞威脅

CVE-2019-191139.8

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyw...

CVE-2020-234489.8

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. ...

CVE-2020-234476.1

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address inf...

CVE-2020-2627610.0

Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a vali...