CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-19778

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile34.06th
Published2021年4月14日
Last Modified2024年11月21日

Vulnerability Description

Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request.

Affected Platforms (CPE)

📦
Shopxo

Shopxo

= 1.4.0
📦
Shopxo

Shopxo

= 1.5.0

References & Advisories

🔗 https://cwe.mitre.org/data/definitions/472.html
🔗 https://github.com/gongfuxiang/shopxo/issues/23
🔗 https://cwe.mitre.org/data/definitions/472.html
🔗 https://github.com/gongfuxiang/shopxo/issues/23

関連する脆弱性情報

CVE-2019-58869.8

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in...

CVE-2021-278179.8

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the s...

CVE-2020-242208.8

ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain c...

CVE-2020-260077.8

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code vi...