CVE-2020-19672
📋 TL;DR
This vulnerability in Niushop B2B2C Multi-business basic version allows attackers to bypass administrator authentication, access the background upload interface, and upload PHP files by circumventing the getimagesize() function validation. This leads to remote code execution (RCE) and potential system compromise. All users running the affected version are vulnerable.
💻 Affected Systems
- Niushop B2B2C Multi-business basic version
📦 What is this software?
Niushop by Niushop
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with attacker gaining shell access, installing backdoors, stealing sensitive data, and using the server as a pivot point for further attacks.
Likely Case
Unauthenticated attackers upload web shells to execute arbitrary code, deface websites, steal customer data, and deploy cryptocurrency miners or ransomware.
If Mitigated
With proper file upload validation and authentication controls, attackers would be blocked from uploading malicious files or accessing the upload interface.
🎯 Exploit Status
Exploit details and proof-of-concept are publicly available on GitHub. Attackers can bypass authentication and upload PHP files without credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
1. Check for official patches from the Niushop vendor.
2. If no patch is available, upgrade to the latest version.
3. Apply the workarounds listed below.
🔧 Temporary Workarounds
Restrict File Upload Types
Implement server-side validation that allows only specific safe file extensions (e.g., .jpg, .png) and rejects .php files.
Modify the upload handler to check the file extension and MIME type before saving. getimagesize() only confirms that the file begins with a valid image header, so it must not be the sole check; validate the extension against an allowlist, check the content, and store the file under a server-generated name.
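The following is an added example of the hardened validation described above; it is not Niushop code and is written in Python rather than the application's PHP so that the logic can be read and tested on its own. The allowlist, the size limit and the sample files are constructed for the example. The point it makes is the one the advisory makes: a header check of the kind getimagesize() performs is necessary but not sufficient, so the validator also requires an allowlisted extension, a matching declared MIME type, and a body free of script markers, and it never reuses the client-supplied filename.

```python
"""Hardened upload validation (added example, not the vendor's code).

Mirrors the workaround: extension allowlist + MIME consistency + content check,
instead of trusting an image-header check (what getimagesize() does) alone.
"""
import os
import secrets

# Allowlist: lowercase extension -> acceptable magic-byte prefixes (constructed for the example).
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Byte sequences that mean "server-side code", whatever the file header says.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script", b"<%")

MAX_BYTES = 5 * 1024 * 1024  # hypothetical size limit


def validate_upload(filename: str, content: bytes, declared_mime: str) -> tuple[bool, str]:
    """Return (accepted, reason). Every check must pass; the first failure is reported."""
    if not content or len(content) > MAX_BYTES:
        return False, "empty or oversized file"

    # Only the final extension of the basename counts: "a.php.jpg" -> ".jpg", "x.php" -> ".php".
    base = os.path.basename(filename)
    _, ext = os.path.splitext(base.lower())
    if ext not in ALLOWED:
        return False, f"extension {ext!r} not in allowlist"

    # The declared Content-Type is client-controlled, so this is a consistency check, not proof.
    expected_mime = "image/jpeg" if ext in (".jpg", ".jpeg") else "image/" + ext[1:]
    if declared_mime.lower() != expected_mime:
        return False, f"declared MIME {declared_mime!r} does not match {ext}"

    # Magic bytes must match the extension. This is roughly what getimagesize() verifies ...
    if not any(content.startswith(magic) for magic in ALLOWED[ext]):
        return False, "content does not start with the expected image header"

    # ... and this is what it does not verify: a valid image header followed by PHP code
    # still passes a header check, so the body is scanned for script markers.
    if any(marker in content for marker in SCRIPT_MARKERS):
        return False, "image contains embedded script markers"

    return True, "ok"


def storage_name(ext: str) -> str:
    """Never reuse the client-supplied name; generate a random one with the validated extension."""
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample inputs.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 32
    print(validate_upload("photo.jpg", jpeg, "image/jpeg"))
    print(validate_upload("shell.php", b"GIF89a<?php echo 1; ?>", "image/gif"))
    print(validate_upload("poly.gif", b"GIF89a" + b"\x00" * 10 + b"<?php echo 1; ?>", "image/gif"))
```

Store accepted files under `storage_name(ext)` in a directory the web server does not execute (see the next workaround); the random name also makes the double-extension case irrelevant, since the original filename is never written to disk.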
Secure Upload Directory
Configure the web server so that PHP files in upload directories are never executed.
For Apache with mod_php: add 'php_flag engine off' to a .htaccess file in the upload directory (this requires AllowOverride to permit Options for that directory; with PHP-FPM, exclude the directory from the PHP handler instead).
For Nginx: add 'location ~ \.php$ { deny all; }' nested inside the location block for the upload directory, so that it takes precedence over the general PHP handler for that path only.
🧯 If You Can't Patch
- Disable file upload functionality entirely in the admin interface
- Implement Web Application Firewall (WAF) rules to block requests containing .php files in upload parameters
🔍 How to Verify
Check if Vulnerable:
Attempt to access the upload interface without authentication and test if PHP files can be uploaded by bypassing getimagesize() validation.
Check Version:
Check Niushop version in admin panel or configuration files
Verify Fix Applied:
Test that authentication is required for upload interface and that PHP files are rejected regardless of parameter manipulation.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to admin interfaces
- Requests to upload.php with .php extensions
- Failed authentication attempts followed by successful uploads
Network Indicators:
- HTTP POST requests to upload endpoints with PHP file content
- Unusual outbound connections from web server after upload
SIEM Query:
source="web_logs" AND (uri_path="/admin/upload" OR uri_path LIKE "%/upload%") AND (file_extension=".php" OR content_type="application/x-php")
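The following is an added example of the detection logic behind the indicators and SIEM query above; it is not from the advisory. The log records are constructed JSON lines using the field names the SIEM query refers to (uri_path, file_extension, content_type) plus assumed fields ts, src_ip, method and status. Two rules are implemented: the SIEM query itself (a request to an upload path carrying a .php extension or a PHP content type), and the sequence indicator of a failed admin authentication followed by a successful upload from the same client within a short window.

```python
"""Detection rules for the log indicators above (added example, not from the advisory)."""
import json
from datetime import datetime, timedelta

# Constructed sample log: one client fails admin auth, then uploads a .php file two seconds later;
# a second client uploads a legitimate image; a third uploads a .php file to a non-admin upload path.
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:00:00Z","src_ip":"203.0.113.5","method":"GET","uri_path":"/index.php","status":200,"file_extension":"","content_type":""}
{"ts":"2024-01-01T10:00:01Z","src_ip":"203.0.113.5","method":"POST","uri_path":"/admin/login","status":403,"file_extension":"","content_type":""}
{"ts":"2024-01-01T10:00:03Z","src_ip":"203.0.113.5","method":"POST","uri_path":"/admin/upload","status":200,"file_extension":".php","content_type":"application/x-php"}
{"ts":"2024-01-01T10:05:00Z","src_ip":"198.51.100.7","method":"POST","uri_path":"/admin/upload","status":200,"file_extension":".jpg","content_type":"image/jpeg"}
{"ts":"2024-01-01T10:06:00Z","src_ip":"198.51.100.9","method":"POST","uri_path":"/shop/upload","status":200,"file_extension":".php","content_type":"image/gif"}
"""

AUTH_FAILURE_WINDOW = timedelta(seconds=60)  # assumed correlation window


def parse_log(log_text: str) -> list:
    """Parse JSON lines into dicts with ts converted to datetime."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def is_upload_path(uri_path: str) -> bool:
    """Equivalent of uri_path="/admin/upload" OR uri_path LIKE "%/upload%" in the SIEM query."""
    return uri_path == "/admin/upload" or "/upload" in uri_path


def php_upload_hits(records: list) -> list:
    """Rule 1: the SIEM query. Upload-path requests carrying a .php extension or PHP content type."""
    return [
        r for r in records
        if is_upload_path(r["uri_path"])
        and (r["file_extension"].lower() == ".php" or r["content_type"].lower() == "application/x-php")
    ]


def auth_bypass_sequences(records: list) -> list:
    """Rule 2: a 401/403 on /admin/* followed by a successful POST upload from the same IP
    within AUTH_FAILURE_WINDOW. Returns (src_ip, upload timestamp) pairs."""
    hits = []
    failures = {}  # src_ip -> list of failure timestamps
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["uri_path"].startswith("/admin/") and r["status"] in (401, 403):
            failures.setdefault(r["src_ip"], []).append(r["ts"])
        elif is_upload_path(r["uri_path"]) and r["method"] == "POST" and 200 <= r["status"] < 300:
            recent = [t for t in failures.get(r["src_ip"], []) if r["ts"] - t <= AUTH_FAILURE_WINDOW]
            if recent:
                hits.append((r["src_ip"], r["ts"]))
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in php_upload_hits(recs):
        print("php upload:", hit["src_ip"], hit["uri_path"], hit["file_extension"], hit["content_type"])
    for ip, ts in auth_bypass_sequences(recs):
        print("auth failure then upload:", ip, ts.isoformat())
```

Rule 1 reproduces the SIEM query and catches the third client even though its declared content type is an image, because the extension alone is enough; rule 2 adds the sequence context that a single-event query cannot express. Tune the window and the set of admin paths to the deployment.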