HIGH🇬🇧 English

CVE-2021-41938

CVSS 7.2v3.1pub. 2022-05-19upd. 2024-11-21

An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Shopxo

    APP
    Shopxo
    2.2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-26325CRITICAL9.8PL ✓ten sam produkt

ShopXO 6.4.0 — niebezpieczne przesyłanie plików w ThemeDataService.php

CVE-2022-28056CRITICAL9.8ten sam produkt

ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in ap...

CVE-2020-19778CRITICAL9.8ten sam produkt

Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php...

CVE-2021-27817CRITICAL9.8ten sam produkt

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated...

CVE-2019-5886CRITICAL9.8ten sam produkt

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no val...

CVE-2021-41938 — HIGH 7.2 | CVEbaza.pl