CVE-2021-41938

Name of the Vulnerable Software and Affected Versions ShopXO CMS version 2.2.0

Description An issue was discovered in ShopXO CMS, where after entering the management page, there is an arbitrary file upload vulnerability in three locations.

Recommendations For ShopXO CMS version 2.2.0, consider restricting access to the file upload functionality until a patch is available. As a temporary workaround, disabling the file upload feature in the management page may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.