VYPR
Vendor

Gongfuxiang

Products
2
CVEs
7
Across products
7
Status
Private

Products

2

Recent CVEs

7
  • CVE-2019-5886CriJan 10, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system…

  • CVE-2020-26008HigMar 20, 2022
    risk 0.51cvss 7.8epss 0.01

    The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2019-5887HigJan 10, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal.

  • CVE-2019-8335MedFeb 13, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS].

  • CVE-2019-8334MedFeb 13, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS].

  • CVE-2025-4795MedMay 16, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack…

  • CVE-2025-7567MedJul 14, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in ShopXO up to 6.5.0 and classified as problematic. This issue affects some unknown processing of the file header.html. The manipulation of the argument lang/system_type leads to cross site scripting. The attack may be initiated remotely. The exploit…