Vulnerabilities > Newbee Mall Project > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-10 | CVE-2022-27477 | Unrestricted Upload of File with Dangerous Type vulnerability in Newbee-Mall Project Newbee-Mall 1.0 Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | 9.8 |
| 2021-01-26 | CVE-2020-23448 | Use of Incorrectly-Resolved Name or Reference vulnerability in Newbee-Mall Project Newbee-Mall newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. | 9.8 |
| 2019-11-18 | CVE-2019-19113 | SQL Injection vulnerability in Newbee-Mall Project Newbee-Mall 1.0 main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. | 9.8 |