CVE-2019-9761

HIGH

PHPSHE 1.7 - XXE

Title source: llm

Description

An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.

Exploits (1)

gitee WRITEUP 48 stars
by koyshe · phpwriteup
https://gitee.com/koyshe/phpshe/issues/ITC0C

Scores

CVSS v3 7.5
EPSS 0.0062
EPSS Percentile 70.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-611
Status published
Products (1)
phpshe/phpshe 1.7
Published Mar 14, 2019
Tracked Since Feb 18, 2026