Remote Privilege Escalation in NewBeeMall: Unauthorized User Information Modification

Remote Privilege Escalation in NewBeeMall: Unauthorized User Information Modification

CVE-2020-23449 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

Learn more about our User Device Pen Test.