CVE-2025-10422

Medium CVSS: 5.3

A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

Vendor

Newbee-mall Project

Product

Newbee-mall

CWE

CWE-266

Yayın Tarihi

2025-09-15 03:15:40

Güncelleme

2025-10-14 19:37:43

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-266 Newbee-mall MEDIUM Newbee-mall Project 2025

Referanslar

https://github.com/newbee-ltd/newbee-mall/issues/100 https://github.com/newbee-ltd/newbee-mall/issues/100#issue-3379977698 https://vuldb.com/?ctiid.323856 https://vuldb.com/?id.323856 https://vuldb.com/?submit.646997

Benzer Kayıtlar

Critical

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisi…

Critical

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not inco…

Medium

CVE-2025-10423

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The…

Medium

CVE-2025-4259

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the func…

Medium

CVE-2025-1114

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /…