cvebase

Newbee-Mall Project Newbee-Mall vulnerabilities

12 known vulnerabilities affecting newbee-mall_project/newbee-mall.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 1, MEDIUM 5, LOW 1

Vulnerabilities

CVE-2026-26218 | P2 | CRITICAL | CVSS 9.8 | ≤ 1.0.0 | 2026-02-12
CWE-798: newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an ad
nvd
CVE-2025-4259 | P2 | CRITICAL | CVSS 9.8 | v1.0 | 2025-05-05
CWE-284: A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public
nvd
CVE-2019-19113 | P3 | CRITICAL | CVSS 9.8 | fixed in 2019-10-23 | 2019-11-18
CWE-89: main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.
nvd
CVE-2026-26219 | P3 | CRITICAL | CVSS 9.1 | ≤ 1.0.0 | 2026-02-12
CWE-327: newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline atta
nvd
CVE-2022-27477 | P3 | CRITICAL | CVSS 9.8 | v1.0 | 2022-04-10
CWE-434: Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.
nvd
CVE-2024-48178 | P3 | HIGH | CVSS 8.1 | v1.0 | 2024-10-28
CWE-918: newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.
nvd
CVE-2025-1114 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2025-02-07
CWE-79: A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may
nvd
CVE-2025-10422 | P4 | MEDIUM | CVSS 4.3 | ≤ 2023-10-09 | v613a662adf1da7623ec34459bc83e3c1b12d8ce7 | 2025-09-15
CWE-266: A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed
nvd
CVE-2020-23447 | P4 | MEDIUM | CVSS 6.1 | v1.0 | 2021-01-26
CWE-79: newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".
nvd
CVE-2023-30216 | P4 | MEDIUM | CVSS 5.4 | fixed in 2022-10-27 | 2023-05-04
CWE-639: Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information.
nvd
CVE-2022-27476 | P4 | MEDIUM | CVSS 6.1 | v1.0.0 | 2022-04-10
CWE-79: A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.
nvd
CVE-2025-10423 | P4 | LOW | CVSS 3.7 | v1.0 | 2025-09-15
CWE-287: A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used.
nvd