13 matches found
CVE-2018-18485
An issue was discovered in PHPSHE 1.7. admin.php?mod=db=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock...
EUVD-2019-18997
Malware in sbrugna...
EUVD-2018-10210
Malware in sbrugna...
EUVD-2022-29043
Malicious code in bioql PyPI...
CVE-2019-9626
PHPSHE 1.7 allows module/index/cart.php pintuanid SQL Injection to index.php...
CVE-2025-3554 phpshe api.php cross site scripting
A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2025-3554 phpshe api.php cross site scripting
A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2025-3553
A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pedelete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brandid leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...
CVE-2025-3553
Phpshe 1.8 contains a SQL injection in the pe_delete function at /admin.php?mod=brand&act=del, triggered by manipulating the brand_id[] parameter. The vulnerability can be exploited remotely and has public exploits. Mitigations from PT-2025-16206 include disabling the pe_delete endpoint and restr...
CVE-2025-3553 phpshe admin.php pe_delete sql injection
A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pedelete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brandid leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...
CVE-2025-3553 phpshe admin.php pe_delete sql injection
A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pedelete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brandid leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...
PHPSHE SQL Injection Vulnerability (CNVD-2021-14165)
PHPSHE is a set of online shopping mall system of China PHPSHE company. The system supports express tracking, online chat, order evaluation and statistics. SQL injection vulnerability exists in PHPSHE 1.7. An attacker can exploit this vulnerability by using the admin.php?mod=user&userlevelid=1...
phpshe v1.1 任意文件上传漏洞
No description provided by source...