shopxo

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-5108
all versions
A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the
6.3 MEDIUM
CVE-2025-28094
all versions
ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places.
6.5 MEDIUM
CVE-2025-28093
all versions
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
6.3 MEDIUM
CVE-2025-28092
all versions
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
6.3 MEDIUM
CVE-2025-26325
all versions
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.
9.8 CRITICAL
CVE-2025-1611
<= 6.4.0
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file a
4.7 MEDIUM
CVE-2024-44682
all versions
ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST param
6.1 MEDIUM
CVE-2024-6524
<= 6.1.0
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown fu
5.5 MEDIUM
CVE-2021-41938
all versions
An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability i
7.2 HIGH
CVE-2022-28056
all versions
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller
9.8 CRITICAL
CVE-2020-26008
all versions
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulne
7.8 HIGH
CVE-2020-26007
all versions
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code vi
7.8 HIGH
CVE-2020-19778
all versions
Incorrect Access Control in ShopXO v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating th
9.8 CRITICAL
CVE-2021-27817
all versions
A remote command execution vulnerability in ShopXO 1.9.3 allows an attacker to upload malicious code generated by phar where the s
9.8 CRITICAL
CVE-2020-24220
all versions
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain c
8.8 HIGH
CVE-2019-5887
all versions
An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, r
7.5 HIGH
CVE-2019-5886
all versions
An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in
9.8 CRITICAL