PT-2019-17844 · Shopxo · Shopxo

Published: 2019-01-10 · Updated: 2020-08-24 · CVE-2019-5886

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ShopXO version 1.2.0

Description: An issue in the application allows an attacker to reinstall the database due to the lack of validation in the Add method of the Index.php file. This enables the attacker to write arbitrary code to database.php during system reinstallation.

Recommendations: For ShopXO version 1.2.0, consider adding validation to the Add method in the Index.php file to prevent unauthorized database reinstallation. As a temporary workaround, restrict access to the Index.php file to minimize the risk of exploitation.

Exploit

Fix

Improper Locking

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2019-5886

Affected Products

Shopxo