B2b2c Multi-business Security Vulnerabilities and Issues — B2b2c Multi-business CVE List

Lucene search

NiushopB2b2c Multi-business

6 matches found

CVE•added 2024/02/26 10:15 p.m.•8233 views

CVE-2024-25248

SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter.

9.8CVSS8.2AI score0.0014EPSS

CVE•added 2024/02/26 11:15 p.m.•4334 views

CVE-2024-25247

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters.

9.8CVSS8.2AI score0.00108EPSS

CVE•added 2024/03/22 12:15 p.m.•50 views

CVE-2024-28560

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.

5.4CVSS8.1AI score0.00426EPSS

CVE•added 2024/03/22 12:15 p.m.•47 views

CVE-2024-28559

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.

8.8CVSS8.1AI score0.00429EPSS

CVE•added 2024/01/26 5:15 p.m.•44 views

CVE-2024-0933

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may ...

9.8CVSS9.3AI score0.00077EPSS

CVE•added 2018/07/23 8:29 p.m.•30 views

CVE-2018-14570

A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file ...

8.8CVSS8.8AI score0.00885EPSS