CVE-2019-9762

Name of the Vulnerable Software and Affected Versions PHPSHE version 1.7

Description A SQL Injection issue was found in the include/plugin/payment/alipay/pay.php file, specifically with the id parameter. This issue does not require any authentication to be exploited.

Recommendations For PHPSHE version 1.7, consider restricting access to the vulnerable pay.php file or avoiding the use of the id parameter in the affected endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.