CVE-2020-18164
CVE-2020-18164 affects tp-shop 2.x–3.x, with an SQL Injection in the /index.php/home/api/shop fBill parameter. Root cause: unsafely constructed SQL queries exposed via the fBill input. Impact per sources: high severity (NVD CVSS v3.1: 9.8, CRITICAL; v2.0: 7.5, HIGH) with network access and no aut...