CVE-2020-19672

Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell...

Design/Logic Flaw

Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell...

CVE-2020-19672

CVE-2020-19672 affects Niushop B2B2C Multi-business basic version V1.11. The vulnerability allows bypassing the administrator to access the background upload interface, exploiting an upload parameter to bypass getimagesize and upload a PHP file, leading to getshell. This is what the provided docu...

CVE-2020-19672

Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell...

CVE-2020-19670

Technical details are not publicly available in the provided connected documents for CVE-2020-19670 (Niushop 1.11 authentication bypass). Monitor for updates; no concrete root-cause, affected components, or remediation details are present in the supplied sources.

CVE-2020-19670

In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords...

CVE-2018-14570

CVE-2018-14570 describes a file upload vulnerability in Niushop B2B2C Multi-business basic version V1.11. The flaw exists in the file application/shop/controller/member.php and allows any remote member to upload a PHP file to the web server through the profile avatar field by using an image Conte...