CVE-2020-18020

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0270%

EPSS Percentile10.87th

Published2021年4月28日

Last Modified2024年11月21日

Vulnerability Description

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.

Affected Platforms (CPE)

📦

Phpshe

Mall System

= 1.7

References & Advisories

🔗 https://gitee.com/koyshe/phpshe/issues/IQ8S8

相关漏洞威胁

CVE-2020-234489.8

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. ...

CVE-2020-213948.8

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in Syst...

CVE-2019-255408.2

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate databa...

CVE-2018-68665.4

Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted messag...