Vulnerabilities > Niushop

DATE CVE VULNERABILITY TITLE RISK
2024-01-26 CVE-2024-0933 Unrestricted Upload of File with Dangerous Type vulnerability in Niushop B2B2C Multi-Business 5.0
A vulnerability was found in Niushop B2B2C V5 and classified as critical.
network
low complexity
niushop CWE-434
critical
9.8
2020-09-30 CVE-2020-19672 Unrestricted Upload of File with Dangerous Type vulnerability in Niushop 1.11
Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell.
network
low complexity
niushop CWE-434
critical
9.8
2020-09-30 CVE-2020-19670 Missing Authentication for Critical Function vulnerability in Niushop 1.11
In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.
network
low complexity
niushop CWE-306
4.9
2019-09-14 CVE-2019-16311 Cross-Site Request Forgery (CSRF) vulnerability in Niushop 1.11
NIUSHOP V1.11 has CSRF via search_info to index.php.
network
low complexity
niushop CWE-352
8.8
2019-09-14 CVE-2019-16310 Cross-site Scripting vulnerability in Niushop 1.11
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI.
network
low complexity
niushop CWE-79
5.4
2018-07-23 CVE-2018-14570 Unrestricted Upload of File with Dangerous Type vulnerability in Niushop B2B2C Multi-Business 1.11
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content.
network
low complexity
niushop CWE-434
8.8