CVE-2025-26325

Critical CVSS: 9.8

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.

Vendor

Product

CWE

Yayın Tarihi

2025-02-27 22:15:39

Güncelleme

2025-04-10 17:28:00

Source Identifier

cve@mitre.org

KEV Date Added

CWE-434 Shopxo CRITICAL Shopxo 2025

https://github.com/gongfuxiang/shopxo/issues/86 https://github.com/gongfuxiang/shopxo/issues/86

Medium

CVE-2025-5108

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Uplo…

Medium

CVE-2025-28092

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.

Medium

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.

Medium

CVE-2025-28094

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.

Medium

CVE-2025-1611

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of…