CVE-2020-18215

Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the 1 adid, 2 menuid, and 3 cashoutid parameters, which could let a remote malicious user execute arbitrary code...

PT-2025-16206 · Phpshe · Phpshe

Name of the Vulnerable Software and Affected Versions: phpshe version 1.8 Description: A critical issue has been identified, affecting the pe delete function in the /admin.php?mod=brand&act=del endpoint. The manipulation of the brand id argument leads to SQL injection. This issue can be exploited...

CVE-2022-24132

phpshe V1.8 is affected by a denial of service DoS attack in the registry's verification code, which can paralyze the target service...

SQL Injection Vulnerability in phpshe v1.7 (CNVD-2019-12521)

PHPSHE mall system is a combination of product display, online shopping, order management, payment management, article management, customer consultation feedback and other functions, providing users with online shopping mall construction program. phpshe v1.7 version of the existence of SQL...

CVE-2019-9761

An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechatgetxml in include/plugin/payment/wechat/notifyurl.php...

CVE-2019-6707

PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state productid parameter...

CVE-2018-18485

An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock...

CVE-2018-8943

There is a SQL injection in the PHPSHE 1.6 userbank parameter...