CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.

CVE-2025-28094

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.

CVE-2025-28092

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.

CVE-2025-1611

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has ...

CVE-2025-26325

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.

CVE-2025-5108

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be initiate...

CVE-2025-7567

A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/system_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...