VYPR
Vendor

phpshe

Products
1
CVEs
14
Across products
14
Status
Private

Products

1

Recent CVEs

14
  • CVE-2020-18020CriApr 28, 2021
    risk 0.64cvss 9.8epss 0.04

    SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.

  • CVE-2020-19165CriDec 11, 2020
    risk 0.64cvss 9.8epss 0.02

    PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.

  • CVE-2019-9762CriMar 14, 2019
    risk 0.64cvss 9.8epss 0.05

    A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.

  • CVE-2019-9626CriMar 7, 2019
    risk 0.64cvss 9.8epss 0.01

    PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php.

  • CVE-2018-18486CriOct 18, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter.

  • CVE-2018-8943CriMar 22, 2018
    risk 0.64cvss 9.8epss 0.01

    There is a SQL injection in the PHPSHE 1.6 userbank parameter.

  • CVE-2020-18215HigFeb 9, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.

  • CVE-2022-24132HigMar 30, 2022
    risk 0.49cvss 7.5epss 0.01

    phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.

  • CVE-2019-9761HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.02

    An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.

  • CVE-2018-18485HigOct 18, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.

  • CVE-2019-6708HigJan 23, 2019
    risk 0.47cvss 7.2epss 0.01

    PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.

  • CVE-2019-6707HigJan 23, 2019
    risk 0.47cvss 7.2epss 0.01

    PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.

  • CVE-2025-3553MedApr 14, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pe_delete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brand_id[] leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2025-3554MedApr 14, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has…