PT-2021-10412 · Shopxo · Shopxo
Qhxb
·
Published
2021-04-14
·
Updated
2022-10-05
·
CVE-2020-19778
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Shopxo versions 1.4.0 through 1.5.0
Description:
The issue allows remote attackers to gain privileges by manipulating the
user id parameter in the HTML request to the "/index.php" endpoint.Recommendations:
For versions 1.4.0 through 1.5.0, as a temporary workaround, consider restricting access to the "/index.php" endpoint until a patch is available. Avoid using the
user id parameter in the affected endpoint until the issue is resolved.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Shopxo