Описание
An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:shopxo:shopxo:1.2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00407
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-667
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation.
EPSS
Процентиль: 61%
0.00407
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-667