Arbitrary File Upload Vulnerability in ShopXO Plugin by ShopXO

CVE-2020-26008

What is CVE-2020-26008?

The PluginsUpload function in ShopXO version 1.9.0 contains a vulnerability that allows attackers to upload arbitrary files, including malicious PHP scripts. This flaw can lead to unauthorized code execution on the server, posing a significant security risk. Proper validation of file types and implementing security measures are essential to mitigate this vulnerability.

References