CVE-2024-6524
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-6524 is a critical vulnerability affecting ShopXO up to version 6.1.0. The flaw is in unspecified functionality of the file Uploader.php in the extend/base directory. Manipulating the source argument triggers a server-side request forgery (SSRF), enabling attackers to inject malicious commands and potentially gain unauthorized access to the server. The vulnerability can be exploited remotely, which makes it a significant threat, and the exploit has been publicly disclosed, which increases the risk of its use by malicious actors. Note that the original disclosure appears to confuse Server-Side Request Forgery (SSRF) with Cross-Site Request Forgery (CSRF).
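One way to vet the destination before a server-side fetch of a user-supplied URL, such as the source argument described above. This is an added example, not ShopXO's code or its fix; the function names, the injectable resolver and the sample hosts are assumptions.

```php
<?php
// Added example, not ShopXO code. All function names here are hypothetical.

// True only for public addresses: rejects private, loopback, link-local, reserved.
function is_public_ip(string $ip): bool {
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

// Vet a user-supplied source URL; returns the target to fetch or throws.
// $resolver is injectable (an assumption of this example) so the check runs offline.
function check_fetch_source(string $source, ?callable $resolver = null): array {
    $resolver = $resolver ?? 'gethostbynamel';
    $p = parse_url($source);
    $scheme = is_array($p) ? strtolower($p['scheme'] ?? '') : '';
    if (!in_array($scheme, ['http', 'https'], true))
        throw new InvalidArgumentException('scheme not allowed');
    if (empty($p['host']) || isset($p['user']) || isset($p['pass']))
        throw new InvalidArgumentException('missing host or embedded credentials');
    $host = trim($p['host'], '[]');           // parse_url keeps IPv6 brackets
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : $resolver($host);
    if (!$ips)
        throw new InvalidArgumentException('host does not resolve');
    foreach ($ips as $ip) {                   // every resolved address must be public
        if (!is_public_ip($ip))
            throw new InvalidArgumentException("destination $ip is not public");
    }
    return ['url' => $source, 'host' => $host, 'ip' => $ips[0],
            'port' => $p['port'] ?? ($scheme === 'https' ? 443 : 80)];
}

// Fetch the vetted target, pinned to the checked IP and without following redirects.
function fetch_checked(array $t) {
    $ch = curl_init($t['url']);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,   // a redirect would skip the check above
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["{$t['host']}:{$t['port']}:{$t['ip']}"],
        CURLOPT_TIMEOUT        => 5,
    ]);
    return curl_exec($ch);
}

// Constructed sample inputs; the stub resolver stands in for DNS.
$stub = fn(string $h) => ['cdn.example.test' => ['93.184.216.34'],
                          'intranet.example.test' => ['10.0.0.5']][$h] ?? false;
foreach (['https://cdn.example.test/a.png', 'http://intranet.example.test/',
          'http://169.254.169.254/', 'http://[::1]/', 'ftp://cdn.example.test/a'] as $src) {
    try { echo 'ALLOW ', check_fetch_source($src, $stub)['ip'], " $src\n"; }
    catch (InvalidArgumentException $e) { echo "DENY  $src ({$e->getMessage()})\n"; }
}
```

Pinning the connection to the address that was checked (CURLOPT_RESOLVE) keeps a second DNS lookup from returning a different, internal address between the check and the fetch.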