CVE-2025-5108

Medium CVSS: 5.3

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Shopxo

Product

Shopxo

CWE

CWE-284

Yayın Tarihi

2025-05-23 13:15:45

Güncelleme

2025-07-02 00:49:48

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 Shopxo MEDIUM Shopxo 2025

Referanslar

https://github.com/147536951/Qiany1/blob/main/shopxo6.5.pdf https://vuldb.com/?ctiid.310085 https://vuldb.com/?id.310085 https://vuldb.com/?submit.569827 https://github.com/147536951/Qiany1/blob/main/shopxo6.5.pdf

Benzer Kayıtlar

Medium

CVE-2025-28092

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.

Medium

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.

Medium

CVE-2025-28094

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.

Critical

CVE-2025-26325

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.

Medium

CVE-2025-1611

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of…