CVE-2024-28559

Name of the Vulnerable Software and Affected Versions Niushop B2B2C versions 5.3.3 and earlier

Description A SQL injection issue allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. The vulnerability is critical and can be exploited to gain unauthorized access. It is recommended to review database access to minimize the risk. The issue is only vulnerable on the local network, and there is no known exploit available yet.

Recommendations For Niushop B2B2C versions 5.3.3 and earlier, consider disabling the setPrice() function of the Goodsbatchset.php component as a temporary workaround until a patch is available. Restrict access to the Goodsbatchset.php component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.