CVE-2025-28092

Severity CVSS v4.0:
Pending analysis
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
28/03/2025
Last modified:
07/04/2025

Description

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:shopxo:shopxo:6.4.0:*:*:*:*:*:*:*