Vulnerabilities > Newbee Mall Project > Newbee Mall > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-04 | CVE-2023-30216 | Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall 1.0/20191023 Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. | 5.4 |
| 2022-04-10 | CVE-2022-27477 | Unrestricted Upload of File with Dangerous Type vulnerability in Newbee-Mall Project Newbee-Mall 1.0 Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | 7.5 |
| 2021-01-26 | CVE-2020-23447 | Cross-site Scripting vulnerability in Newbee-Mall Project Newbee-Mall 1.0 newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. | 4.3 |