7.1 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.9%
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in “/index.php” by manipulating the parameter “user_id” in the HTML request.
cwe.mitre.org/data/definitions/472.html
github.com/gongfuxiang/shopxo/issues/23