CVE-2020-26007

HIGH

7.8

CVSS Severity Score

EPSS Score0.1010%

EPSS Percentile43.45th

Published2022年3月20日

Last Modified2024年11月21日

Vulnerability Description

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

Affected Platforms (CPE)

📦

Shopxo

= 1.9.0

References & Advisories

🔗 https://github.com/gongfuxiang/shopxo/issues/48

相关漏洞威胁

CVE-2020-197789.8

Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating th...

CVE-2019-58869.8

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in...

CVE-2021-278179.8

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the s...

CVE-2020-242208.8

ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain c...