CVE-2026-12204

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

PT-2026-49165

Name of the Vulnerable Software and Affected Versions ShopXO versions prior to 6.7.2 Description An authorization bypass exists in the Scheduled Task Endpoint within the app/api/controller/Crontab.php file. This issue allows a remote attacker to bypass authorization by manipulating the OrderClose...

Shopex 4.8.5.45144 getshell 0day-vulnerability warning-the black bar safety net

ShopEx online store system sales platform, is one of the earliest online shop software provider; is currently the shop system continued research and development of the oldest of the company; is currently the shop software domestic the highest market share of the software provider; is currently th...

shopex 4.8.5.45144 \core\include_v5\crontab.php 远程shell写入漏洞

ShopEx网上商店平台软件系统又称网店管理系统、网店程序、网上购物系统、在线购物系统。 \core\includev5\crontab.php （zend加密后的，我只发布解密后的代码） 01 public function run 02 03 $this-logFile = HOMEDIR."/logs/access.log.php"; 04 $this-now = time ; 05 $this-viewStat ; 06 $messenger =& $this-loadModel "system/messenger" ; 07 $messenger-runQueue ; 08 0...