Shodan
Vulnerabilities
Vulnerable Software
Shopizer:  >> Shopizer  >> 3.2.7  Security Vulnerabilities
CVE-2025-51605
An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make authenticated cross-origin requests and read sensitive responses.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-08-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved