CVE-2025-5108 – Zongzhige ShopXO ZIP File Handler Unrestricted File Upload Vulnerability

May 23, 2025

CVE ID : CVE-2025-5108

Published : May 23, 2025, 1:15 p.m. | 2 hours, 24 minutes ago

Description : A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5109 – FreeFloat FTP Server Buffer Overflow Vulnerability

Next Article CVE-2025-5107 – Fujian Kelixun SQL Injection Vulnerability

Highlights

CVE-2024-52290 – LF Edge eKuiper Cross-Site Scripting (XSS)

May 14, 2025

CVE ID : CVE-2024-52290

Published : May 14, 2025, 8:15 a.m. | 35 minutes ago

Description : LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim’s browser. Version 2.1.0 fixes the issue.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft nags more users with Windows 10 end of life banner, says get Windows 11

Microsoft nags more users with Windows 10 end of life banner, says get Windows 11

Hate Windows 11? Windows 10’s extended updates Enroll button is slowly rolling out, says Microsoft

Firefox Web App Support Available to Test (on Windows, At Least)

CVE-2025-5108 – Zongzhige ShopXO ZIP File Handler Unrestricted File Upload Vulnerability

CVE-2025-8208 – Spexo Addons for Elementor WordPress Stored Cross-Site Scripting

CVE-2025-9379 – “Belkin AX1800 Firmware Update Handler Remote Authentication Bypass”

Google Search’s AI mode goes multimodal

CVE-2024-12543 – OpenText Content Management Barcode Attribute Manipulation

pdphilip/elasticsearch

IT Rack Setup Services in Delhi – Professional IT Infrastructure Solutions

CVE-2024-52290 – LF Edge eKuiper Cross-Site Scripting (XSS)

CVE-2025-48259 – Juan Carlos WP Mapa Politico España CSRF

Chargebee Starter Kit for Billing in Laravel

CVE-2025-46421 – Apache Libsoup HTTP Authorization Header Exposure Vulnerability

CVE-2025-5108 – Zongzhige ShopXO ZIP File Handler Unrestricted File Upload Vulnerability

Related Posts