Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Niushop B2B2C 安全漏洞
Vulnerability Description
Niushop B2B2C是一套用于创建B2B2C网站的系统。 Niushop B2B2C多商户基础版1.11版本中的application/shop/controller/member.php文件存在文件上传漏洞。远程攻击者可借助个人资料图像字段并通过使用被修改的图像(图像格式为image/jpeg等)利用该漏洞执行任意的代码。
CVSS Information
N/A
Vulnerability Type
N/A