CVE-2018-8943

There is a SQL injection in the PHPSHE 1.6 userbank parameter...

PHPSHE 'userbank' Parameter SQL Injection Vulnerability

PHPSHE is an online shopping mall system. The system supports express tracking, online chat, order evaluation and statistics. A SQL injection vulnerability exists in the 'userbank' parameter in PHPSHE version 1.6. A remote attacker can exploit this vulnerability to execute SQL commands...

CVE-2018-8943

There is a SQL injection in the PHPSHE 1.6 userbank parameter...

CVE-2018-8943

There is a SQL injection in the PHPSHE 1.6 userbank parameter...

Sql injection

There is a SQL injection in the PHPSHE 1.6 userbank parameter...

CVE-2018-8943

PHPSHE 1.6 contains a SQL injection in the userbank parameter. Multiple sources (CNVD, NVD, RH-CVE entries) confirm a SQL injection vulnerability that could enable a remote attacker to execute SQL commands. The exact exploitation status and available patches are not provided in the supplied docum...

CVE-2018-8943

There is a SQL injection in the PHPSHE 1.6 userbank parameter...

PHPSHE 1.6 userbank sql注入

PHPSHE 1.6 userbank sql注入 漏洞描述 PHPSHE商城系统是将商品展示、在线购物、订单管理、支付管理、文章管理、客户咨询反馈等功能相结合，为用户提供了网上商城建设方案。 PHPSHE开源商城系统userbank页面存在SQL注入漏洞，由于系统未能对用户输入的参数进行严格过滤。攻击者可利用该漏洞获取数据库敏感信息。 漏洞分析 www/module/admin/userbank.php 文件 存在漏洞 default: $gname && $sqlwhere .= " and username like '%$gname%'"; $gtname && $sqlwher...