CVE-2020-18215
HIGHPHPSHE 1.7 - SQL Injection via ad_id, menu_id, or cashout_id Parameters
Title source: llmDescription
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/lemon666/vuln/blob/master/Phpshe1.7_sql1.md
Exploit, Third Party Advisory x_refsource_misc
https://gitee.com/koyshe/phpshe/issues/ITLK2
Scores
CVSS v3
8.8
EPSS
0.0199
EPSS Percentile
78.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
phpshe/phpshe
1.7
Published
Feb 09, 2021
Tracked Since
Feb 18, 2026