SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote malicious users to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tp-shop tpshop 2.0.6 |
||
tp-shop tpshop 2.0.5 |