Shopizer has a path traversal issue

GHSA-f5w4-7ccj-5m75 · CVE-2026-36767

Published Apr 30, 2026 · Modified May 7, 2026

Description

A path traversal vulnerability in the /content/images/add endpoint of shopizer through version 3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-36767
WEB https://github.com/shopizer-ecommerce/shopizer/issues/1091
PACKAGE https://github.com/shopizer-ecommerce/shopizer

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes