Vulnerability Details CVE-2020-23448
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-23448
-
cpe:2.3:a:newbee-mall_project:newbee-mall:1.0
-
cpe:2.3:a:newbee-mall_project:newbee-mall:2019-10-23
-
cpe:2.3:a:newbee-mall_project:newbee-mall:2022-10-27