CVE-2024-6524 | ShopXO up to 6.1.0 extend/base/Uploader.php source server-side request forgery

Inserito da Angelo Barbosa | Lug 5, 2024 | CVE

A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery.

This vulnerability is known as CVE-2024-6524. The attack can be launched remotely. Furthermore, there is an exploit available.

The original disclosure confuses CSRF with SSRF.

CVE-2024-6524 | ShopXO up to 6.1.0 extend/base/Uploader.php source server-side request forgery

Post correlati

CVE-2024-25902 | Malware Scanner Plugin up to 4.7.2 on WordPress sql injection

CVE-2024-5622 | B&R Industrial Automation B&R APROL up to R 4.2-07P3/R 4.4-00P3 unnecessary privileges

CVE-2024-35691 | Marketing Fire Widget Options Plugin up to 5.1.0 on WordPress information disclosure

CVE-2024-42118 | Linux Kernel up to 6.9.8 AMD Display array index (a76fa9c4f0fc/3ac31c9a707d)