CVE-2019-5886

Published: Jan 10, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation.

Affected (1)

Products: Shopxo: Shopxo

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shopxo Shopxo	Version 1.2.0

Related CWEs

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://github.com/gongfuxiang/shopxo/issues/1

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/gongfuxiang/shopxo/issues/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.