CVE-2020-26008

HIGH

7.8

CVSS Severity Score

EPSS Score0.0080%

EPSS Percentile38.22th

PublishedMar 20, 2022

Last ModifiedNov 21, 2024

Vulnerability Description

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.

Affected Platforms (CPE)

📦

Shopxo

= 1.9.0

References & Advisories

🔗 https://github.com/gongfuxiang/shopxo/issues/47

Related Vulnerabilities

CVE-2019-58869.8

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in...

CVE-2021-278179.8

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the s...

CVE-2020-197789.8

Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating th...

CVE-2020-242208.8

ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain c...