Количество 2
Количество 2
CVE-2024-6524
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270367. NOTE: The original disclosure confuses CSRF with SSRF.
GHSA-c96r-38gv-grp4
ShopXO Server-Side Request Forgery Vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-6524 A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270367. NOTE: The original disclosure confuses CSRF with SSRF. | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
| GHSA-c96r-38gv-grp4 ShopXO Server-Side Request Forgery Vulnerability | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу