47 matches found
CVE-2021-27817
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix...
CVE-2025-1611
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...
EUVD-2019-15455
Malware in sbrugna...
EUVD-2020-18637
Malware in sbrugna...
EUVD-2025-5496
Malicious code in bioql PyPI...
EUVD-2025-4385
Malicious code in bioql PyPI...
EUVD-2025-21298
Malicious code in bioql PyPI...
EUVD-2024-41070
Malicious code in bioql PyPI...
EUVD-2022-4351
Malicious code in bioql PyPI...
EUVD-2024-2319
Malicious code in bioql PyPI...
CVE-2025-7567
A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/systemtype leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed t...
CVE-2025-7567
The CVE-2025-7567 issue affects the ShopXO web application up to version 6.5.0, specifically involving the header.html processing where manipulating the lang/system_type parameter enables Cross-Site Scripting (XSS). The vulnerability can be triggered remotely, and publicly disclosed exploits exis...
CVE-2025-7567 ShopXO header.html cross site scripting
A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/systemtype leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed t...
CVE-2025-7567 ShopXO header.html cross site scripting
A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/systemtype leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed t...
CVE-2025-5108
A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be...
CVE-2025-5108
CVE-2025-5108 affects zongzhige ShopXO 6.5.0. The issue is in the Upload function of app/admin/controller/Payment.php (ZIP File Handler); manipulation of the params argument enables unrestricted file upload. Exploitation is possible remotely with no user interaction, and multiple sources note pub...
CVE-2024-44682
ShopXO 6.2 is vulnerable to Cross Site Scripting XSS in the backend that allows attackers to execute code by changing POST parameters...
CVE-2024-6524
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. Th...
PT-2025-22793 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: zongzhige ShopXO version 6.5.0 Description: A critical issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The...
CVE-2022-28056
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php...