CVE-2020-26007

2022-03-2022:15:07

Google

osv.dev

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CPENameOperatorVersion
shopxoeq1.1.0
shopxoeq1.8.0
shopxoeq1.2.0
shopxoeq1.6.0
shopxoeq1.4.0
shopxoeq1.9.0
shopxoeq1.7.0
shopxoeq1.8.1
shopxoeq1.5.0

Name	Operator	Version
shopxo	eq	1.1.0
shopxo	eq	1.8.0
shopxo	eq	1.2.0
shopxo	eq	1.6.0
shopxo	eq	1.4.0
shopxo	eq	1.9.0
shopxo	eq	1.7.0
shopxo	eq	1.8.1
shopxo	eq	1.5.0

References

github.com/gongfuxiang/shopxo/issues/48