CVE-2026-12204 | ShopXO up to 6.7.1 Scheduled Task Endpoint Crontab.php authorization

A vulnerability classified as critical was found in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass.

This vulnerability is handled as CVE-2026-12204. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More