Newbee Mall

Source repositories

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-10422	Med	0.28	4.3	0.00		Sep 15, 2025	A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
CVE-2025-10423	Low	0.24	3.7	0.00		Sep 15, 2025	A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered difficult. The exploit has been made public and could be used.