Medium
CVSS: 5.3
A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument para…
Medium
CVSS: 6.5
shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.
Medium
CVSS: 6.3
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
Medium
CVSS: 6.3
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
Critical
CVSS: 9.8
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.
Medium
CVSS: 5.1
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is…