A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270367. NOTE: The original disclosure confuses CSRF with SSRF.
References
Link | Resource |
---|---|
https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md | Exploit |
https://vuldb.com/?ctiid.270367 | Permissions Required VDB Entry |
https://vuldb.com/?id.270367 | Permissions Required VDB Entry |
https://vuldb.com/?submit.365173 | Third Party Advisory VDB Entry |
https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md | Exploit |
https://vuldb.com/?ctiid.270367 | Permissions Required VDB Entry |
https://vuldb.com/?id.270367 | Permissions Required VDB Entry |
https://vuldb.com/?submit.365173 | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 5.5 |
References | () https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md - Exploit | |
References | () https://vuldb.com/?ctiid.270367 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.270367 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?submit.365173 - Third Party Advisory, VDB Entry |
08 Jul 2024, 15:33
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
CPE | cpe:2.3:a:shopxo:shopxo:*:*:*:*:*:*:*:* | |
References | () https://github.com/J1rrY-learn/learn/blob/main/shopxo_ssrf.md - Exploit | |
References | () https://vuldb.com/?ctiid.270367 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.270367 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?submit.365173 - Third Party Advisory, VDB Entry | |
First Time |
Shopxo shopxo
Shopxo |
05 Jul 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-05 12:15
Updated : 2024-11-21 09:49
NVD link : CVE-2024-6524
Mitre link : CVE-2024-6524
CVE.ORG link : CVE-2024-6524
JSON object : View
Products Affected
shopxo
- shopxo
CWE
CWE-918
Server-Side Request Forgery (SSRF)