Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
newbee-mall Order Status paySuccess improper authorization
Vulnerability Description
A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
newbee-mall 授权问题漏洞
Vulnerability Description
newbee-mall是newbee开源的一套电子商务系统。 newbee-mall存在授权问题漏洞,该漏洞源于对文件/paySuccess中组件Order Status Handler的参数orderNo处理不当,可能导致授权不当。
CVSS Information
N/A
Vulnerability Type
N/A