Trung

**Name of the Vulnerable Software and Affected Versions** Niushop B2B2C versions 5.3.3 and earlier **Description** The issue allows an attacker to escalate privileges via the `deleteArea()` function of the Address.php component or the `setPrice()` function of the Goodsbatchset.php component. This is a SQL injection vulnerability. **Recommendations** For versions 5.3.3 and earlier, as a temporary workaround, consider disabling the `deleteArea()` function and the `setPrice()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.