Vulnerabilities > CVE-2023-30216 - Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall 1.0/20191023

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

newbee-mall-project

NVD

Published: 2023-05-04

Updated: 2023-05-11

Summary

Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information.

Vulnerable Configurations

Part	Description	Count
Application	Newbee-Mall_Project Newbee Mall Project Newbee Mall 1.0 Newbee Mall Project Newbee Mall 2019-10-23	2

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://github.com/newbee-ltd/newbee-mall/issues/76

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.