CNNVD-202509-2281 Information

CNNVD ID

CNNVD-202509-2281

Related CVE

CVE-2025-10422

• CNNVD Published: 2025-09-15

Description (Chinese)

newbee-mall是newbee开源的一套电子商务系统。 newbee-mall存在授权问题漏洞，该漏洞源于对文件/paySuccess中组件Order Status Handler的参数orderNo处理不当，可能导致授权不当。

Description (English)

Newbee-mall is an open-source e-commerce system for newbees. Newbee-mall has a mandate gap that stems from the inappropriate handling of Order Status Handler ’ s parameter in the document/paySuccess, which may lead to the wrong authorization.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

newbee

Published

2025-09-15

Last Modified

2026-02-24

References

https://github.com/newbee-ltd/newbee-mall/issues/100 https://github.com/newbee-ltd/newbee-mall/issues/100#issue-3379977698 https://vuldb.com/?ctiid.323856 https://vuldb.com/?id.323856 https://vuldb.com/?submit.646997