A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| shopxo/shopxo(Packagist) | 0 | N/A | N/A |
CVSS Metrics
