{"id":"GHSA-jfph-3hpg-2f65","summary":"Incorrect Permission Assignment for Critical Resource in ShopXO","details":"ShopXO v2.2.5 and below was discovered to contain a vulnerability that allows the system to be re-installed via the Add function in app/install/controller/Index.php.","aliases":["CVE-2022-28056"],"modified":"2023-11-08T04:09:01.182033Z","published":"2022-05-03T00:00:42Z","database_specific":{"github_reviewed_at":"2022-05-24T22:02:14Z","github_reviewed":true,"cwe_ids":["CWE-732"],"nvd_published_at":"2022-05-02T14:15:00Z","severity":"CRITICAL"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28056"},{"type":"WEB","url":"https://github.com/gongfuxiang/shopxo/issues/66"},{"type":"PACKAGE","url":"https://github.com/gongfuxiang/shopxo"}],"affected":[{"package":{"name":"shopxo/shopxo","ecosystem":"Packagist","purl":"pkg:composer/shopxo/shopxo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.6"}]}],"versions":["2.1.0","v1.1.0","v1.2.0","v1.3.0","v1.4.0","v1.5.0","v1.6.0","v1.7.0","v1.8.0","v1.8.1","v1.9.0","v1.9.1","v1.9.2","v1.9.3","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.2.0","v2.2.1","v2.2.2","v2.2.3","v2.2.4","v2.2.5"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jfph-3hpg-2f65/GHSA-jfph-3hpg-2f65.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}