2 matches found
Arbitrary Command Injection Over HTTP Traffic (CVE-2020-19165; CVE-2020-24219; CVE-2020-28477; CVE-2021-26747; CVE-2021-27328)
Arbitrary Command Injection Over HTTP Traffic...
CVE-2020-19165
PHPSHE 1.7 is affected by CVE-2020-19165: an SQL injection in the admin.php?mod=user&userlevel_id=1 and userlevel_id[] parameter. The issue originates from unsafely handling userlevel_id input, enabling an attacker to manipulate SQL queries. No remediation details are provided in the connected do...