2021-01-26 17:15:53
mitre
PUBLISHED
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the systems background /admin is in code AdminLoginInterceptor, which can be bypassed.