VYPR
High severity8.8NVD Advisory· Published Jul 23, 2018· Updated Jun 17, 2026

CVE-2018-14570

CVE-2018-14570

Description

A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. This results in arbitrary code execution by requesting that .php file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Niushop/Niushopinferred2 versions
    <= 1.11+ 1 more
    • (no CPE)range: <= 1.11
    • (no CPE)range: = V1.11

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.