CVE-2017-16614

Name of the Vulnerable Software and Affected Versions: tpshop versions 2.0.5 through 2.0.6

Description: The issue allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution. This is achieved via the fBill parameter in the plugins/payment/weixin/lib/WxPay.tedatac.php file.

Recommendations: For tpshop versions 2.0.5 and 2.0.6, consider restricting access to the plugins/payment/weixin/lib/WxPay.tedatac.php file to minimize the risk of exploitation. Avoid using the fBill parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.