7 matches found
CVE-2024-28559
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice function of the Goodsbatchset.php component...
CVE-2024-28559
CVE-2024-28559: Security issue in Niushop B2B2C (v5.3.3 and earlier) is a SQL injection in the setPrice() function of Goodsbatchset.php, enabling privilege escalation. Documented impact includes high severity (CVSSv3.1: 8.8, Network vector, Privileges Required: Low, User Interaction: None, Confide...
CVE-2024-28559
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice function of the Goodsbatchset.php component...
Niushop B2B2C Security Vulnerability
Niushop B2B2C is an open-source PHP multi-merchant e-commerce system from China Niukoo Information Technology Niushop. A security vulnerability exists in Niushop B2B2C v.5.3.3 and earlier versions. An attacker can exploit the vulnerability to escalate privileges via the setPrice function of the...
PT-2024-22462 · Unknown · Niushop B2B2C
Name of the Vulnerable Software and Affected Versions: Niushop B2B2C versions 5.3.3 and earlier
Description: A SQL injection issue allows an attacker to escalate privileges via the setPrice function of the Goodsbatchset.php component. The vulnerability is critical and can be exploited to gain...
CVE-2024-28559
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice function of the Goodsbatchset.php component...
Price can deviate by much more than maxDeviationRate
Lines of code. Vulnerability details. Description: NFTFloorOracle retrieves ERC721 prices for ParaSpace. maxPriceDeviation is a configurable parameter, which limits the change percentage from current price to a new feed update. function checkValidity(address asset, uint256 twap) internal view returns...