CVE-2020-18020

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0270%

EPSS Percentile10.87th

PublishedApr 28, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.

Affected Platforms (CPE)

📦

Phpshe

Mall System

= 1.7

References & Advisories

🔗 https://gitee.com/koyshe/phpshe/issues/IQ8S8

Related Vulnerabilities

CVE-2020-234489.8

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. ...

CVE-2020-213948.8

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in Syst...

CVE-2019-255408.2

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate databa...

CVE-2018-68665.4

Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted messag...