CVE-2020-19778

Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request.
References
Link Resource
https://github.com/gongfuxiang/shopxo/issues/23 Exploit Third Party Advisory
https://cwe.mitre.org/data/definitions/472.html Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:shopxo:shopxo:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:shopxo:shopxo:1.5.0:*:*:*:*:*:*:*

Information

Published : 2021-04-14 02:15

Updated : 2022-10-05 04:31


NVD link : CVE-2020-19778

Mitre link : CVE-2020-19778

Products Affected
No products.