ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HShopxo
APPShopxo2.2.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2025-26325CRITICAL9.8PL ✓ten sam produkt
ShopXO 6.4.0 — niebezpieczne przesyłanie plików w ThemeDataService.php
CVE-2020-19778CRITICAL9.8ten sam produkt
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php...
CVE-2021-27817CRITICAL9.8ten sam produkt
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated...
CVE-2019-5886CRITICAL9.8ten sam produkt
An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no val...
CVE-2021-41938HIGH7.2ten sam produkt
An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file up...