CVE-2026-12204

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

CVE-2026-12204

Summary : CVE-2026-12204 affects ShopXO up to version 6.7.1. The vulnerability resides in the Scheduled Task Endpoint, notably the file app/api/controller/Crontab.php, affecting functions OrderClose, OrderSuccess, PayLogOrderClose, and GoodsGiveIntegral. The issue allows remote manipulation that ...

EUVD-2026-36679

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

PT-2026-49165

Name of the Vulnerable Software and Affected Versions ShopXO versions prior to 6.7.2 Description An authorization bypass exists in the Scheduled Task Endpoint within the app/api/controller/Crontab.php file. This issue allows a remote attacker to bypass authorization by manipulating the OrderClose...

CVE-2021-27817

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix...

CVE-2020-24220

ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...

CVE-2025-1611

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...

EUVD-2019-15456

Malware in sbrugna...

EUVD-2020-18638

Malware in sbrugna...

EUVD-2019-15455

Malware in sbrugna...

EUVD-2020-18637

Malware in sbrugna...

EUVD-2020-11676

Malware in sbrugna...

EUVD-2020-16955

Malware in sbrugna...

EUVD-2025-4385

Malicious code in bioql PyPI...

EUVD-2025-8656

Malicious code in bioql PyPI...

EUVD-2024-41070

Malicious code in bioql PyPI...

EUVD-2025-8672

Malicious code in bioql PyPI...

EUVD-2025-8655

Malicious code in bioql PyPI...