Unrated severityNVD Advisory· Published May 8, 2020· Updated Aug 4, 2024

Potential remote code execution in Shopizer

CVE-2020-11006

Description

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.

Affected products

Shopizer Ecommerce/Shopizerv5
Range: < 2.11.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2amitrex_refsource_MISC
github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-8pc4-gvfw-634pmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000