[HIGH] Arbitrary file upload in ShopXO

PKSA-nydr-bchs-fr22 CVE-2021-41938 GHSA-86p5-97jr-r598

Affected package: shopxo/shopxo

Affected version: <=2.2.0

Reported by:
GitHub