SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an malicious user to escalate privileges via the deleteArea() function of the Address.php component.