VYPR

Shopxo

by Gongfuxiang

Source repositories

CVEs (4)

  • CVE-2019-5886CriJan 10, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system…

  • CVE-2020-26008HigMar 20, 2022
    risk 0.51cvss 7.8epss 0.01

    The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2019-5887HigJan 10, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal.

  • CVE-2025-7567MedJul 14, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/system_type leads to cross site scripting. The attack may be initiated remotely. The exploit…