Niushop
CVE-2020-19670
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.
AnalysisAI
In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. Affected products include: Niushop.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface
NIUSHOP V1.11 has CSRF via search_info to index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely e
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today