CVE-2020-18020

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
References
Link Resource
https://gitee.com/koyshe/phpshe/issues/IQ8S8 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:phpshe:mall_system:1.7:*:*:*:*:*:*:*

Information

Published : 2021-04-28 02:15

Updated : 2021-05-05 08:25


NVD link : CVE-2020-18020

Mitre link : CVE-2020-18020

Products Affected
No products.
CWE