CVE-2025-1611

Medium CVSS: 5.1

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Shopxo

Product

Shopxo

CWE

CWE-74

Yayın Tarihi

2025-02-24 02:15:32

Güncelleme

2025-07-02 17:41:27

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Shopxo MEDIUM Shopxo 2025

Referanslar

https://github.com/jmx0hxq/Vulnerability-learning/blob/main/shopxo-rce.md https://vuldb.com/?ctiid.296601 https://vuldb.com/?id.296601 https://vuldb.com/?submit.501211

Benzer Kayıtlar

Medium

CVE-2025-5108

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Uplo…

Medium

CVE-2025-28092

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.

Medium

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.

Medium

CVE-2025-28094

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.

Critical

CVE-2025-26325

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.