Lucene search

Niushop Security Vulnerabilities

cve

CVE-2019-16310

NIUSHOP V1.11 has XSS via the index.php?s=/admin URI.

5.4CVSS

5.2AI Score

0.001EPSS

2019-09-14 04:15 PM

cve

CVE-2019-16311

NIUSHOP V1.11 has CSRF via search_info to index.php.

8.8CVSS

8.6AI Score

0.001EPSS

2019-09-14 04:15 PM

cve

CVE-2020-19670

In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.

4.9CVSS

5.3AI Score

0.001EPSS

2020-09-30 06:15 PM

cve

CVE-2020-19672

Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell.

9.8CVSS

9.3AI Score

0.005EPSS

2020-09-30 06:15 PM