Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Affecting shopxo/shopxo package, versions >=0.0.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PHP-SHOPXOSHOPXO-8745215
- published24 Feb 2025
- disclosed24 Feb 2025
- creditjmx0hxq
Introduced: 24 Feb 2025
NewCVE-2025-1611 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
There is no fixed version for shopxo/shopxo.
Overview
shopxo/shopxo is an e-commerce system.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') due to insufficient input validation in the ThemeAdminService component. Authenticated attackers with administrative privileges can exploit this vulnerability by uploading a maliciously crafted theme package containing executable PHP code.