CyberSec.Space Logo
Back to CVE Browser

CVE-2020-19778

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile34.06th
PublishedApr 14, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request.

Affected Platforms (CPE)

πŸ“¦
Shopxo

Shopxo

= 1.4.0
πŸ“¦
Shopxo

Shopxo

= 1.5.0

References & Advisories

πŸ”— https://cwe.mitre.org/data/definitions/472.html
πŸ”— https://github.com/gongfuxiang/shopxo/issues/23
πŸ”— https://cwe.mitre.org/data/definitions/472.html
πŸ”— https://github.com/gongfuxiang/shopxo/issues/23

Related Vulnerabilities

CVE-2021-278179.8

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the s...

CVE-2019-58869.8

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in...

CVE-2020-242208.8

ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain c...

CVE-2020-260087.8

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulne...