Lennon Chia

**Name of the Vulnerable Software and Affected Versions** newbee-mall (affected versions not specified) **Description** The application includes pre-seeded administrator accounts in its database initialization script, which are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change these default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application. The application’s database contains default admin accounts with predictable passwords. **Recommendations** Change the default administrative credentials to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** newbee-mall (affected versions not specified) **Description** The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining password hashes through various compromise methods can recover plaintext credentials via offline attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DoraCMS versions prior to 3.1 **Description** The software contains a server-side request forgery (SSRF) issue in its UEditor remote image fetch functionality. The application takes user-provided URLs and makes server-side HTTP or HTTPS requests without proper validation or restrictions. The implementation lacks allowlists, blocks for internal IP addresses, and request timeouts or response size limits. An attacker can exploit this to make the server send requests to any host, including internal network resources, potentially allowing network scanning and denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macrozheng mall versions prior to 1.0.4 **Description** The software contains an authentication issue in the password reset process. An unauthenticated attacker can reset user account passwords using only a victim’s telephone number. The one-time password (OTP) is exposed in the API response and password reset requests are validated by comparing the provided OTP to a value stored by telephone number, without verifying user identity or ownership of the telephone number. This allows for remote account takeover of any user with a known or guessable telephone number. The vulnerable API endpoint is the password reset flow within the `mall-portal`. The vulnerability exploits the lack of verification of user identity and telephone number ownership during password reset requests. **Recommendations** Update macrozheng mall to version 1.0.4 or later.