p0desta

2 exploits, active since Oct 2018
CVE-2018-18486 GITEE CRITICAL php WRITEUP
PHPSHE 1.7 - SQL Injection via admin.php user_id[] Parameter
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter.
48 stars
CVSS 9.8
CVE-2018-18485 GITEE HIGH php WRITEUP
PHPSHE 1.7 - Unauthenticated Path Traversal and Arbitrary File Deletion via dbname Parameter
An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.
48 stars
CVSS 7.5