Niushop

niushop

Vendor: Niushop • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-19672 1Niushop 1Niushop Jun 17, 2026 Sep 30, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell.
CVE-2020-19670 1Niushop 1Niushop Jun 17, 2026 Sep 30, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.
CVE-2019-16311 1Niushop 1Niushop Jun 17, 2026 Sep 14, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 NIUSHOP V1.11 has CSRF via search_info to index.php.
CVE-2019-16310 1Niushop 1Niushop Jun 17, 2026 Sep 14, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 NIUSHOP V1.11 has XSS via the index.php?s=/admin URI.