CVE-2024-6524

A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270367. NOTE: The original disclosure confuses CSRF with SSRF.
References
Link Resource
https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md Exploit
https://vuldb.com/?ctiid.270367 Permissions Required VDB Entry
https://vuldb.com/?id.270367 Permissions Required VDB Entry
https://vuldb.com/?submit.365173 Third Party Advisory VDB Entry
https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md Exploit
https://vuldb.com/?ctiid.270367 Permissions Required VDB Entry
https://vuldb.com/?id.270367 Permissions Required VDB Entry
https://vuldb.com/?submit.365173 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:shopxo:shopxo:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:49

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en ShopXO hasta 6.1.0. Ha sido declarada crítica. Una función desconocida del archivo extend/base/Uploader.php es afectada por esta vulnerabilidad. La manipulación del argumento source conduce a server-side request forgery. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-270367. NOTA: La divulgación original confunde CSRF con SSRF.
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 5.5
References () https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md - Exploit () https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md - Exploit
References () https://vuldb.com/?ctiid.270367 - Permissions Required, VDB Entry () https://vuldb.com/?ctiid.270367 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.270367 - Permissions Required, VDB Entry () https://vuldb.com/?id.270367 - Permissions Required, VDB Entry
References () https://vuldb.com/?submit.365173 - Third Party Advisory, VDB Entry () https://vuldb.com/?submit.365173 - Third Party Advisory, VDB Entry

08 Jul 2024, 15:33

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 5.5
v2 : 6.5
v3 : 8.8
CPE cpe:2.3:a:shopxo:shopxo:*:*:*:*:*:*:*:*
References () https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md - () https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md - Exploit
References () https://vuldb.com/?ctiid.270367 - () https://vuldb.com/?ctiid.270367 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.270367 - () https://vuldb.com/?id.270367 - Permissions Required, VDB Entry
References () https://vuldb.com/?submit.365173 - () https://vuldb.com/?submit.365173 - Third Party Advisory, VDB Entry
First Time Shopxo shopxo
Shopxo

05 Jul 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-05 12:15

Updated : 2024-11-21 09:49


NVD link : CVE-2024-6524

Mitre link : CVE-2024-6524

CVE.ORG link : CVE-2024-6524


JSON object : View

Products Affected

shopxo

  • shopxo
CWE
CWE-918

Server-Side Request Forgery (SSRF)