CVE-2021-27817
CRITICAL9.8EPSS 1.3%ShopXO RCE Vulnerability
Published: 5/24/2022Modified: 2/16/2024
Also known as:GHSA-xx77-w6p5-xvmj
Description
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.
Affected packages (1)
- Packagist/shopxo/shopxofrom 0, <= 1.9.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |