Remote Privilege Escalation in NewBeeMall: Unauthorized User Information Modification
CVE-2020-23449 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.
Learn more about our User Device Pen Test.