CVE-2025-28092

Medium CVSS: 6.3

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.

Vendor

Product

CWE

Yayın Tarihi

2025-03-28 22:15:18

Güncelleme

2025-04-07 14:12:53

Source Identifier

cve@mitre.org

KEV Date Added

CWE-918 Shopxo MEDIUM Shopxo 2025

https://www.yuque.com/morysummer/vx41bz/stggvmlxs9ewqlvu https://www.yuque.com/morysummer/vx41bz/stggvmlxs9ewqlvu

Medium

CVE-2025-5108

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Uplo…

Medium

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.

Medium

CVE-2025-28094

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.

Critical

CVE-2025-26325

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.

Medium

CVE-2025-1611

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of…