CVE-2025-5108 | zongzhige ShopXO 6.5.0 ZIP File Payment.php Upload params unrestricted upload

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload.

The identification of this vulnerability is CVE-2025-5108. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5108 | zongzhige ShopXO 6.5.0 ZIP File Payment.php Upload params unrestricted upload

Post correlati

CVE-2024-30510 | Salon Booking System Plugin up to 9.5 on WordPress unrestricted upload

CVE-2024-36790 | Netgear WNR614/N300 cleartext storage

CVE-2024-55886 | opensearch-project data-prepper 2.10.0/2.10.1 getHttpAuthenticationService improper authentication (GHSA-725p-63vv-v948)

CVE-2024-7918 | Pocket Widget Plugin up to 0.1.3 on WordPress Setting cross site scripting