CVE-2019-5886

Description

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation.

CVSS Version 3.0
CVSS Version 2.0

nvd
CVE ID: CVE-2019-5886
Base Score: 9.8
Base Severity: CRITICAL
Vector String:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

nvd
CVE ID: CVE-2019-5886
Base Score: 7.5
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:N/C:P/I:P/A:P

Refrence: NVD

Description​

Description