PT-2019-17844 · Shopxo · Shopxo

Published: 2019-01-10 · Updated: 2020-08-24 · CVE-2019-5886

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ShopXO version 1.2.0

Description: An issue in the application allows an attacker to reinstall the database due to the lack of validation in the Add method of the Index.php file. This enables the attacker to write arbitrary code to database.php during system reinstallation.

Recommendations: For ShopXO version 1.2.0, consider adding validation to the Add method in the Index.php file to prevent unauthorized database reinstallation. As a temporary workaround, restrict access to the Index.php file to minimize the risk of exploitation.

Exploit

Fix

Improper Locking

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2019-5886

Affected Products

Shopxo