CVE-2024-28560

Опубликовано: 22 мар. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.

Ссылки

https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559
Exploit
Third Party Advisory
https://gitee.com/niushop-team/niushop_b2c_v5
Permissions Required
https://v5.niuteam.cn
Broken Link
https://www.niushop.com/
Vendor Advisory
https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559
Exploit
Third Party Advisory
https://gitee.com/niushop-team/niushop_b2c_v5
Permissions Required
https://v5.niuteam.cn
Broken Link
https://www.niushop.com/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:niushop:b2b2c_multi-business:*:*:*:*:*:*:*:*

Версия до 5.3.3 (включая)

EPSS

Процентиль: 68%

0.00578

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-v2vx-hcgc-qcvc