{"id":"CVE-2020-19778","details":"Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in \"/index.php\" by manipulating the parameter \"user_id\" in the HTML request.","modified":"2026-04-10T04:24:10.358815Z","published":"2021-04-14T14:15:13.087Z","references":[{"type":"ADVISORY","url":"https://cwe.mitre.org/data/definitions/472.html"},{"type":"EVIDENCE","url":"https://github.com/gongfuxiang/shopxo/issues/23"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gongfuxiang/shopxo","events":[{"introduced":"0"},{"last_affected":"6380408e8aa291be1840c98f25b5b93c56036e98"},{"introduced":"0"},{"last_affected":"69e6b9467ef53f61024c77faf0b64330d76000b7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.0"},{"introduced":"0"},{"last_affected":"1.5.0"}]}}],"versions":["v1.1.0","v1.2.0","v1.4.0","v1.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19778.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}