CVE-2020-18020
PHPSHE Mall System v1.7 suffers an SQL injection in the user_phone parameter of admin.php, enabling remote attackers to execute arbitrary SQL and potentially compromise the system. Root cause: improper handling of input in the user_phone field. Impact notes: remote code execution is stated in the...