newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system’s background /admin is in code AdminLoginInterceptor, which can be bypassed.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23448
Reference (s):
- https://github.com/newbee-ltd/newbee-mall/issues/34