Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

b2b2c_multi-business

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

2

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
6Vulnerabilities found
CVE-2024-28559
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 67.96%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 00:00
Updated-28 May, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.

Action-Not Available
Vendor-niushopn/aniushop
Product-b2b2c_multi-businessn/ab2b2c_multi-business
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-28560
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.58% / 67.83%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 00:00
Updated-28 May, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.

Action-Not Available
Vendor-niushopn/aniushop
Product-b2b2c_multi-businessn/aniushop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25247
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.72%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 00:00
Updated-29 Aug, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters.

Action-Not Available
Vendor-n/aniushop
Product-n/ab2b2c_multi-business
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25248
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 00:00
Updated-27 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter.

Action-Not Available
Vendor-niushopn/a
Product-b2b2c_multi-businessn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0933
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 17:00
Updated-29 May, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Niushop B2B2C Upload.php unrestricted upload

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-niushopNiushop
Product-b2b2c_multi-businessB2B2C
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-14570
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.89% / 74.48%
||
7 Day CHG~0.00%
Published-23 Jul, 2018 | 20:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file.

Action-Not Available
Vendor-niushopn/a
Product-b2b2c_multi-businessn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type