CVE-2019-5887

An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal.
References
Link Resource
https://github.com/gongfuxiang/shopxo/issues/2 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:shopxo:shopxo:1.2.0:*:*:*:*:*:*:*

Information

Published : 2019-01-10 06:29

Updated : 2019-01-18 12:17


NVD link : CVE-2019-5887

Mitre link : CVE-2019-5887


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

shopxo

  • shopxo