CVE-2025-5108 – Zongzhige ShopXO ZIP File Handler Unrestricted File Upload Vulnerability

May 23, 2025

CVE ID : CVE-2025-5108

Published : May 23, 2025, 1:15 p.m. | 2 hours, 24 minutes ago

Description : A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5109 – FreeFloat FTP Server Buffer Overflow Vulnerability

Next Article CVE-2025-5107 – Fujian Kelixun SQL Injection Vulnerability

Highlights

CVE-2025-53023 – Oracle MySQL Server Replication High Privilege DOS Vulnerability

July 16, 2025

CVE ID : CVE-2025-53023

Published : July 15, 2025, 8:15 p.m. | 6 hours, 38 minutes ago

Description : Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

Google Pixel 10 Pro vs. iPhone 16 Pro: I’ve used both handsets, and there’s a clear winner

Master these 48 Windows keyboard shortcuts and finish work early

Why the Pixel 10 is making this longtime iPhone user reconsider their next phone

Google Pixel 10 Pro Fold vs. Samsung Galaxy Z Fold 7: I compared both Androids, and here’s the winner

PERFIXION 2025: Powering AI Ideas

PERFIXION 2025: Powering AI Ideas

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Reports say Windows 11 update is bricking drives — is yours on the list?

Razer finally remembered I don’t live in China, so now we can all get this cool Gengar gaming headset

CVE-2025-5108 – Zongzhige ShopXO ZIP File Handler Unrestricted File Upload Vulnerability

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

CVE-2025-8208 – Spexo Addons for Elementor WordPress Stored Cross-Site Scripting

CVE-2025-48268 – Guru Team Bot for Telegram WooCommerce Missing Authorization Vulnerability

CodeSOD: An Annual Report

CVE-2025-54833 – OPEXUS FOIAXpress Bypass Account-Lockout and CAPTCHA Protection Vulnerability

CVE-2025-6199 – GdkPixbuf GIF LZW Buffer Leak Vulnerability

CVE-2025-53023 – Oracle MySQL Server Replication High Privilege DOS Vulnerability

CVE-2025-3262 – Apache Transformers ReDoS

How to Install Canon imageFORMULA R40 Driver on Windows 11

CVE-2025-47154 – Ladybird LibJS Use-After-Free Remote Code Execution Vulnerability

CVE-2025-5108 – Zongzhige ShopXO ZIP File Handler Unrestricted File Upload Vulnerability

Related Posts