Newbee-mall Project Newbee-mall — known CVE vulnerabilities
Every CVE whose affected-product data names Newbee-mall Project Newbee-mall, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2022-27477 — CVSS 9.8 (critical): Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.
CVE-2019-19113 — CVSS 9.8 (critical): main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL…
CVE-2020-23448 — CVSS 9.8 (critical): newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The…
CVE-2026-26218 — CVSS 9.8 (critical): newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a…
CVE-2026-26219 — CVSS 9.1 (critical): newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user…
CVE-2024-48178 — CVSS 8.1 (high): newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.
CVE-2020-23449 — CVSS 7.5 (high): newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java…
CVE-2025-4259 — CVSS 6.3 (medium): A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the…
CVE-2022-27476 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts…
CVE-2020-23447 — CVSS 6.1 (medium): newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information…
CVE-2023-30216 — CVSS 5.4 (medium): Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account…
CVE-2025-10422 — CVSS 4.3 (medium): A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of…
CVE-2025-10423 — CVSS 3.7 (low): A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation…
CVE-2025-1114 — CVSS 3.5 (low): A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file…