newbee-mall Default Seeded Administrator Credentials Allow Account Takeover

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

使用硬编码的凭证

newbee-mall 信任管理问题漏洞

newbee-mall是newbee开源的一套电子商务系统。 newbee-mall存在信任管理问题漏洞，该漏洞源于数据库初始化脚本中包含具有可预测默认密码的预置管理员账户，可能导致未经身份验证的攻击者以管理员身份登录并获得完全管理控制权。

N/A

N/A