Vulnerabilities > Phpshe > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-04-28 CVE-2020-18020 SQL Injection vulnerability in PHPshe Mall System 1.7
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
network
low complexity
phpshe CWE-89
critical
 9.8
9.8
2020-12-11 CVE-2020-19165 SQL Injection vulnerability in PHPshe 1.7
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.
network
low complexity
phpshe CWE-89
critical
 9.8
9.8
2019-03-14 CVE-2019-9762 SQL Injection vulnerability in PHPshe 1.7
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id.
network
low complexity
phpshe CWE-89
critical
 9.8
9.8
2019-03-07 CVE-2019-9626 SQL Injection vulnerability in PHPshe 1.7
PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php.
network
low complexity
phpshe CWE-89
critical
 9.8
9.8
2018-10-18 CVE-2018-18486 SQL Injection vulnerability in PHPshe 1.7
An issue was discovered in PHPSHE 1.7.
network
low complexity
phpshe CWE-89
critical
 9.8
9.8
2018-03-22 CVE-2018-8943 SQL Injection vulnerability in PHPshe 1.6
There is a SQL injection in the PHPSHE 1.6 userbank parameter.
network
low complexity
phpshe CWE-89
critical
 9.8
9.8