CVE-2020-23448

Name of the Vulnerable Software and Affected Versions newbee-mall all versions

Description The issue concerns incorrect access control, allowing remote privilege escalation through the AdminLoginInterceptor.java file. Specifically, the authentication logic for the system's background /admin area, coded in AdminLoginInterceptor, can be bypassed.

Recommendations For all versions, consider restricting access to the AdminLoginInterceptor function until a proper fix is implemented to prevent unauthorized access and privilege escalation. As a temporary workaround, review and reinforce the authentication logic to prevent bypassing, focusing on securing the background /admin area.