Unvalidated Database Reinstallation Vulnerability in ShopXO 1.2.0

Unvalidated Database Reinstallation Vulnerability in ShopXO 1.2.0

CVE-2019-5886 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. The attacker can write arbitrary code to database.php during system reinstallation.

Learn more about our Web Application Penetration Testing UK.