Newbee-mall Project

Newbee-mall

14 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.02%
  • Published 12.02.2026 18:39:50
  • Last modified 25.02.2026 16:40:13

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, ba...

Exploit
  • EPSS 0.13%
  • Published 12.02.2026 18:38:40
  • Last modified 25.02.2026 16:41:25

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to ...

Exploit
  • EPSS 0.05%
  • Published 15.09.2025 03:02:05
  • Last modified 14.10.2025 19:37:29

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this a...

Exploit
  • EPSS 0.04%
  • Published 15.09.2025 02:32:06
  • Last modified 14.10.2025 19:37:43

A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to ...

Exploit
  • EPSS 0.38%
  • Published 05.05.2025 02:00:05
  • Last modified 10.10.2025 19:09:34

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to un...

Exploit
  • EPSS 0.15%
  • Published 07.02.2025 23:15:14
  • Last modified 20.06.2025 17:00:30

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site script...

Exploit
  • EPSS 0.09%
  • Published 28.10.2024 20:15:05
  • Last modified 10.06.2025 18:44:10

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.

Exploit
  • EPSS 0.07%
  • Published 04.05.2023 21:15:11
  • Last modified 29.01.2025 20:15:32

Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allow attackers to obtain user account information.

Exploit
  • EPSS 0.22%
  • Published 10.04.2022 21:15:09
  • Last modified 21.11.2024 06:55:47

A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.

Exploit
  • EPSS 0.36%
  • Published 10.04.2022 21:15:09
  • Last modified 21.11.2024 06:55:48

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.