A SQL Injection exists in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.
phpshe phpshe 1.7