CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea function of the Address.php component...

5.4CVSS8.2AI score0.00578EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:46 a.m.•3 views

CVE-2024-25248

SQL Injection vulnerability in the orderGoodsDelivery function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the orderid parameter...

9.8CVSS8.3AI score0.00138EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:45 a.m.•4 views

CVE-2024-25247

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters...

9.8CVSS9.9AI score0.00145EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:34 a.m.•6 views

CVE-2024-0933

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and ma...

9.8CVSS6.8AI score0.00077EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:46 a.m.•3 views

CVE-2024-28559

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice function of the Goodsbatchset.php component...

8.8CVSS8.2AI score0.00582EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:28 p.m.•5 views

CVE-2020-19672

Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell...

9.8CVSS7AI score0.00433EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:17 p.m.•6 views

CVE-2020-19670

In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords...

4.9CVSS7.2AI score0.00213EPSS

Exploits1

RedhatCVE•added 2025/05/22 8:23 a.m.•6 views

CVE-2019-16310

NIUSHOP V1.11 has XSS via the index.php?s=/admin URI...

5.4CVSS5.9AI score0.00281EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 8:12 a.m.•6 views

CVE-2019-16311

NIUSHOP V1.11 has CSRF via searchinfo to index.php...

8.8CVSS7AI score0.00182EPSS

Exploits1References1

NVD•added 2024/03/22 12:15 p.m.•8 views

CVE-2024-28559

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice function of the Goodsbatchset.php component...

8.8CVSS7.7AI score0.00582EPSS

Exploits1References5

NVD•added 2024/03/22 12:15 p.m.•7 views

CVE-2024-28560

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea function of the Address.php component...

5.4CVSS7.7AI score0.00578EPSS

Exploits1References4

OSV•added 2024/03/22 12:15 p.m.•1 views

CVE-2024-28560

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea function of the Address.php component...

5.4CVSS5.8AI score0.00582EPSS

Exploits2References4

OSV•added 2024/03/22 12:15 p.m.•1 views

CVE-2024-28559

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice function of the Goodsbatchset.php component...

8.8CVSS5.8AI score0.00582EPSS

Exploits2References5

Cvelist•added 2024/03/22 12:0 a.m.•14 views

CVE-2024-28560

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea function of the Address.php component...

8AI score0.00578EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by