SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the βuser_phoneβ parameter of a crafted HTTP request to the βadmin.phpβ component.
CPE | Name | Operator | Version |
---|---|---|---|
mall_system | eq | 1.7 |