| Titel | shopxo v6.5 Remote Code Execution |
|---|
| Beschreibung | There is a vulnerability in the Payment.php file of ShopXO v6.5.0 that allows an attacker to execute arbitrary PHP code via a crafted zip file upload. The vulnerability occurs due to improper file handling and lack of adequate validation when extracting files from a zip archive.
|
|---|
| Quelle | ⚠️ https://github.com/147536951/Qiany1/blob/main/shopxo6.5.pdf |
|---|
| Benutzer | Qianyi (UID 71159) |
|---|
| Einreichung | 02.05.2025 09:05 (vor 1 Jahr) |
|---|
| Moderieren | 23.05.2025 08:28 (21 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 310085 [zongzhige ShopXO 6.5.0 ZIP File Payment.php Upload params erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|