CNNVD-202511-730 Information

CNNVD ID

CNNVD-202511-730

Related CVE

CVE-2025-12854

• CNNVD Published: 2025-11-07

Description (Chinese)

newbee-mall-plus是newbee-ltd开源的一个电商系统。 newbee-mall-plus 2.4.1及之前版本存在安全漏洞，该漏洞源于对文件/seckillExecution/中参数userid的错误操作，可能导致授权绕过。

Description (English)

Newbee-mall-plus is a newbee-ltd power source. There is a security loophole in the newbee-mall-plus 2.4.1 and earlier versions, which stems from an error in the use of the parameter used in document/seckillExaction/, which may result in the authorization being bypassed.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

newbee-ltd

Published

2025-11-07

Last Modified

2026-02-24

References

https://github.com/Hwwg/cve/issues/4 https://vuldb.com/?ctiid.331500 https://vuldb.com/?id.331500 https://vuldb.com/?submit.679281 https://access.redhat.com/security/cve/cve-2025-12854