ГлавнаяУязвимости → CVE-2024-28559
8.8высокая

CVE-2024-28559

Описание

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.

Затрагиваемое ПО
Niushop B2b2c multi-business
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559https://gitee.com/niushop-team/niushop_b2c_v5https://v5.niuteam.cnhttps://v5.niuteam.cn/https://www.niushop.com/https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559https://gitee.com/niushop-team/niushop_b2c_v5https://v5.niuteam.cn