CVE-2020-26008

2022-03-2022:15:07

Google

osv.dev

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.

CPENameOperatorVersion
shopxoeq1.1.0
shopxoeq1.8.0
shopxoeq1.2.0
shopxoeq1.6.0
shopxoeq1.4.0
shopxoeq1.9.0
shopxoeq1.7.0
shopxoeq1.8.1
shopxoeq1.5.0

Name	Operator	Version
shopxo	eq	1.1.0
shopxo	eq	1.8.0
shopxo	eq	1.2.0
shopxo	eq	1.6.0
shopxo	eq	1.4.0
shopxo	eq	1.9.0
shopxo	eq	1.7.0
shopxo	eq	1.8.1
shopxo	eq	1.5.0

References

github.com/gongfuxiang/shopxo/issues/47