{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-1611","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-02-23T07:00:09.781Z","datePublished":"2025-02-24T02:00:11.502Z","dateUpdated":"2025-02-24T11:47:40.119Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-02-24T02:00:11.502Z"},"title":"ShopXO Template ThemeAdminService.php injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-707","lang":"en","description":"Improper Neutralization"}]}],"affected":[{"vendor":"n/a","product":"ShopXO","versions":[{"version":"6.0","status":"affected"},{"version":"6.1","status":"affected"},{"version":"6.2","status":"affected"},{"version":"6.3","status":"affected"},{"version":"6.4","status":"affected"}],"modules":["Template Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Es wurde eine Schwachstelle in ShopXO bis 6.4.0 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei app/service/ThemeAdminService.php der Komponente Template Handler. Durch Manipulieren mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.7,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.7,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.8,"vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-02-23T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-02-23T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-02-23T08:05:16.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"jmx0hxq (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.296601","name":"VDB-296601 | ShopXO Template ThemeAdminService.php injection","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.296601","name":"VDB-296601 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.501211","name":"Submit #501211 | ShopXO ShopXO enterprise-level e-commerce system <=6.4.0 Template injection","tags":["third-party-advisory"]},{"url":"https://github.com/jmx0hxq/Vulnerability-learning/blob/main/shopxo-rce.md","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-24T11:46:24.227810Z","id":"CVE-2025-1611","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-24T11:47:40.119Z"}}]}}