CVE-2019-5886

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation...

CVE-2019-5886

ShopXO 1.2.0 contains a vulnerability in the install/controller/Index.php Add method where there is no validation lock file, enabling database reinstallation. This can allow an attacker to write arbitrary code to database.php during system reinstallation, potentially leading to code execution and...