| Title | newbee-mall-plusnew newbee-mall-plus <=2.4.1 Improper Control of Resource Identifiers |
|---|---|
| Description | A Broken Access Control vulnerability exists in newbee-mall-plus ≤ 2.4.1, where the userid parameter in the /seckillExecution/{goodsId}/{userId}/{md5} endpoint is not properly validated. Attackers can modify the userid value to perform seckill (flash-sale) order operations on behalf of other users, leading to unauthorized order creation and potential account abuse. |
| Source | https://github.com/Hwwg/cve/issues/4 |
| User | huangweigang (UID 88993) |
| Submission | 10/21/2025 06:54 PM (4 months ago) |
| Moderation | 11/07/2025 07:56 AM (17 days later) |
| Status | Accepted |
| VulDB entry | 331500 [newbee-mall-plus up to 2.4.1 /seckillExecution/ executeSeckill userid privilege escalation] |
| Points | 19 |