📦 Shopxo

by Shopxo



⚠️ Known Vulnerabilities

CVE-2025-26325

CRITICAL CVSS 9.8 Feb 27, 2025

ShopXO 6.4.0 contains an unrestricted file upload vulnerability in ThemeDataService.php that allows attackers to upload malicious files. This can lead to remote code execution or server compromise. Al...

CVE-2020-19778

CRITICAL CVSS 9.8 Apr 14, 2021

CVE-2020-19778 is an incorrect access control vulnerability in the ShopXO e-commerce software that allows remote attackers to escalate privileges by manipulating the 'user_id' parameter. Attackers can gai...

CVE-2021-27817

CRITICAL CVSS 9.8 Mar 15, 2021

This CVE describes a remote code execution vulnerability in the ShopXO e-commerce platform, version 1.9.3. Attackers can upload malicious PHAR files disguised as JPG images, which when processed by the app...

CVE-2021-41938

HIGH CVSS 7.2 May 19, 2022

ShopXO CMS 2.2.0 contains an arbitrary file upload vulnerability in three locations within the management interface. This allows authenticated attackers to upload malicious files to the server, potent...

CVE-2020-26008

HIGH CVSS 7.8 Mar 20, 2022

This vulnerability allows attackers to upload arbitrary PHP files to ShopXO v1.9.0 through the PluginsUpload function, leading to remote code execution. Any ShopXO installation with the vulnerable ver...

CVE-2025-28093

MEDIUM CVSS 6.3 Mar 28, 2025

ShopXO v6.4.0 contains a Server-Side Request Forgery (SSRF) vulnerability in its email settings functionality. This allows authenticated attackers to make the server send HTTP requests to arbitrary in...

CVE-2025-1611

MEDIUM CVSS 4.7 Feb 24, 2025

This vulnerability in ShopXO allows remote attackers to perform injection attacks through the template handler component. It affects all ShopXO installations up to version 6.4.0. Attackers can potenti...

CVE-2024-6524

MEDIUM CVSS 5.5 Jul 5, 2024

This is a Server-Side Request Forgery (SSRF) vulnerability in ShopXO's Uploader.php component. Attackers can manipulate the 'source' parameter to make the server send unauthorized requests to internal...