CVE-2024-28559

Опубликовано: 22 мар. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.

Ссылки

https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559
Exploit
Third Party Advisory
https://gitee.com/niushop-team/niushop_b2c_v5
Permissions Required
https://v5.niuteam.cn
Broken Link
https://v5.niuteam.cn/
Broken Link
https://www.niushop.com/
Vendor Advisory
https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559
Exploit
Third Party Advisory
https://gitee.com/niushop-team/niushop_b2c_v5
Permissions Required
https://v5.niuteam.cn
Broken Link
https://v5.niuteam.cn/
Broken Link
https://www.niushop.com/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:niushop:b2b2c_multi-business:*:*:*:*:*:*:*:*

Версия до 5.3.3 (включая)

EPSS

Процентиль: 68%

0.00582

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-ffxp-7rpg-9hwh