Vulnerabilities > Niushop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-26 | CVE-2024-0933 | Unrestricted Upload of File with Dangerous Type vulnerability in Niushop B2B2C Multi-Business 5.0 A vulnerability was found in Niushop B2B2C V5 and classified as critical. | 9.8 |
| 2020-09-30 | CVE-2020-19672 | Unrestricted Upload of File with Dangerous Type vulnerability in Niushop 1.11 Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell. | 9.8 |
| 2020-09-30 | CVE-2020-19670 | Missing Authentication for Critical Function vulnerability in Niushop 1.11 In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. | 4.9 |
| 2019-09-14 | CVE-2019-16311 | Cross-Site Request Forgery (CSRF) vulnerability in Niushop 1.11 NIUSHOP V1.11 has CSRF via search_info to index.php. | 8.8 |
| 2019-09-14 | CVE-2019-16310 | Cross-site Scripting vulnerability in Niushop 1.11 NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. | 5.4 |
| 2018-07-23 | CVE-2018-14570 | Unrestricted Upload of File with Dangerous Type vulnerability in Niushop B2B2C Multi-Business 1.11 A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. | 8.8 |