3 matches found
CVE-2024-28560
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea function of the Address.php component...
CVE-2024-28560
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea function of the Address.php component...
CVE-2024-28560
Affected product : Niushop B2B2C, all versions up to 5.3.3. Vulnerability : SQL injection in Niushop B2B2C, enabling privilege escalation via functions in Address.php (deleteArea()) and, per several sources, also via Goodsbatchset.php (setPrice()). Root cause : Improper handling of user-supplied ...