CNNVD-202509-2276 Information

CNNVD ID

CNNVD-202509-2276

Related CVE

CVE-2025-10423

• CNNVD Published: 2025-09-15

Description (Chinese)

newbee-mall是newbee开源的一套电子商务系统。 newbee-mall 1.0版本存在安全漏洞，该漏洞源于文件/common/mall/kaptcha中的函数mallKaptcha生成可猜测的验证码，可能导致远程攻击。

Description (English)

Newbee-mall is an open-source e-commerce system for newbees. There is a security loophole in version 1.0 of newbee-mall, which originates from the function mallKaptcha in document/common/mall/kaptcha, which generates guessable authentication codes that may lead to a remote attack.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

newbee

Published

2025-09-15

Last Modified

2026-02-24

References

https://github.com/newbee-ltd/newbee-mall/issues/101 https://github.com/newbee-ltd/newbee-mall/issues/101#issue-3380163659 https://vuldb.com/?ctiid.323857 https://vuldb.com/?id.323857 https://vuldb.com/?submit.647066