| Title | shopxo v6.5 Remote Code Execution |
|---|
| Description | There is a vulnerability in the Payment.php file of ShopXO v6.5.0 that allows an attacker to execute arbitrary PHP code via a crafted zip file upload. The vulnerability occurs due to improper file handling and lack of adequate validation when extracting files from a zip archive.
|
|---|
| Source | ⚠️ https://github.com/147536951/Qiany1/blob/main/shopxo6.5.pdf |
|---|
| User | Qianyi (UID 71159) |
|---|
| Submission | 05/02/2025 09:05 (1 Year ago) |
|---|
| Moderation | 05/23/2025 08:28 (21 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310085 [zongzhige ShopXO 6.5.0 ZIP File Payment.php Upload params unrestricted upload] |
|---|
| Points | 17 |
|---|