High severity7.8NVD Advisory· Published Mar 20, 2022· Updated Jun 17, 2026
CVE-2020-26008
CVE-2020-26008
Description
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- ShopXO/ShopXOdescription
- Range: =1.9.0
Patches
Vulnerability mechanics
References
1- github.com/gongfuxiang/shopxo/issues/47nvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.