Security Advisory
CVE-2021-27817
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.