2 matches found
CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization
A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...
CVE-2026-12204
Summary : CVE-2026-12204 affects ShopXO up to version 6.7.1. The vulnerability resides in the Scheduled Task Endpoint, notably the file app/api/controller/Crontab.php, affecting functions OrderClose, OrderSuccess, PayLogOrderClose, and GoodsGiveIntegral. The issue allows remote manipulation that ...