Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpshe vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-24132
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.
Phpshe Phpshe 1.8
668
VMScore
CVE-2020-18020
SQL Injection in PHPSHE Mall System v1.7 allows remote malicious users to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
Phpshe Mall System 1.7
578
VMScore
CVE-2020-18215
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.
Phpshe Phpshe 1.7
668
VMScore
CVE-2020-19165
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.
Phpshe Phpshe 1.7
445
VMScore
CVE-2019-9761
An XXE issue exists in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.
Phpshe Phpshe 1.7
668
VMScore
CVE-2019-9762
A SQL Injection exists in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.
Phpshe Phpshe 1.7
668
VMScore
CVE-2019-9626
PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php.
Phpshe Phpshe 1.7
578
VMScore
CVE-2019-6708
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.
Phpshe Phpshe 1.7
578
VMScore
CVE-2019-6707
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.
Phpshe Phpshe 1.7
570
VMScore
CVE-2018-18485
An issue exists in PHPSHE 1.7. admin.php?mod=db&act=del allows remote malicious users to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.
Phpshe Phpshe 1.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »