newbee-mall
cpe:2.3:a:newbee-mall_project:newbee-mall:*:*:*:*:*:*:*
- <= 1.0.0
A vulnerability exists in Newbee Mall versions through 1.0.0, where pre-seeded administrator accounts are included in the database initialization script. These accounts come with a predictable default password. If the database is initialized or reset using the provided schema without changing the default credentials, unauthenticated attackers may log in as administrators and gain full control of the application. Additionally, the application uses unsalted MD5 hashing for passwords, allowing for easy cracking of the default passwords.
Exploitation of this vulnerability could lead to unauthorized administrative access, allowing attackers to take full control of the application.
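A deployment check for the condition described above, as an added example that is not code from the Newbee Mall project: it lists MD5-shaped password literals shipped in a database initialization script, reports which live accounts still carry one of them, and shows a salted PBKDF2 record as the replacement for bare MD5. The table, column, login and password values are constructed placeholders, and the PBKDF2 parameters are an assumption rather than anything the project specifies.

```python
import hashlib
import hmac
import os
import re

# Constructed seed script: table, column and password values are hypothetical
# placeholders, not copied from the Newbee Mall schema.
_SEED_HASH = hashlib.md5(b"constructed-default").hexdigest()
SEED_SQL = f"""
INSERT INTO `demo_admin_user` (`id`, `login_name`, `password`) VALUES
(1, 'admin', '{_SEED_HASH}'),
(2, 'ops', '{_SEED_HASH}');
INSERT INTO `demo_goods` (`id`, `name`) VALUES (1, 'sample item');
"""

INSERT_RE = re.compile(r"INSERT\s+INTO\s+`?(\w+)`?.*?;", re.I | re.S)
MD5_RE = re.compile(r"'([0-9a-fA-F]{32})'")


def seeded_hashes(sql):
    """Map table name -> MD5-shaped literals shipped in its INSERT statements."""
    found = {}
    for stmt in INSERT_RE.finditer(sql):
        hashes = [h.lower() for h in MD5_RE.findall(stmt.group(0))]
        if hashes:
            found.setdefault(stmt.group(1), []).extend(hashes)
    return found


def unchanged_defaults(sql, live_rows):
    """Return logins whose stored hash still equals one shipped in the seed script."""
    shipped = {h for hs in seeded_hashes(sql).values() for h in hs}
    return sorted(name for name, stored in live_rows if stored.lower() in shipped)


def hash_password(password, salt=None, rounds=600_000):
    """Salted PBKDF2-HMAC-SHA256 record; rounds value is an assumed default."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute the record with its stored salt and compare in constant time."""
    _, rounds, salt, _ = record.split("$")
    expected = hash_password(password, bytes.fromhex(salt), int(rounds))
    return hmac.compare_digest(expected, record)
```

In practice `live_rows` would be `(login_name, stored_hash)` pairs read from the deployed admin table; any login returned by `unchanged_defaults` still has the credential from the initialization script.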