Command Execution Vulnerability in ShopXO by ShopXO Technology
CVE-2020-24220

8.8HIGH

Key Information:

Vendor: Shopxo
Status: Shopxo
Vendor: CVE Published:; 17 August 2020

What is CVE-2020-24220?

ShopXO v1.8.1 is susceptible to a command execution vulnerability which can allow attackers to execute arbitrary commands on the server. This flaw poses a significant risk, enabling unauthorized control and potential exploitation of the system. Organizations utilizing this application should take immediate action to secure their instances and mitigate any associated risks.

References

https://www.cnvd.org.cn/flaw/show/CNVD-2020-42698

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 17, 2020
Vulnerability Reserved
Aug 13, 2020

Shopxo

What is CVE-2020-24220?

References

CVSS V3.1

Timeline