Security Advisory

CVE-2021-27817

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-15 16:41:45
Last updated 2024-08-03 21:33:16
Assigner mitre
State PUBLISHED

Description

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.