CVE-2020-19672 Information

Feb 14, 2021 cve

Description

Niushop B2B2C Multi-business basic version V1.11 can bypass the administrator to obtain the background upload interface through parameter upload bypass the getimagesize function upload php file getshell.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/bluecity/CMS/blob/master/niushop20v1.1-upload/Niushop20Multi-business20V1.11-en.md

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: