Unknown · Phpshe Mall System · CVE-2020-18020
Name of the Vulnerable Software and Affected Versions:
PHPSHE Mall System version 1.7
Description:
The issue allows remote attackers to execute arbitrary code by injecting SQL commands into the `user phone` parameter of a crafted HTTP request to the "admin.php" component. This enables attackers to manipulate the database and potentially gain unauthorized access.
Recommendations:
For PHPSHE Mall System version 1.7, consider restricting access to the "admin.php" component and avoid using the `user phone` parameter until a patch is available. As a temporary workaround, restrict the input allowed for the `user phone` parameter to minimize the risk of exploitation.
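
One way to apply the input restriction recommended above, as an added example that is not PHPSHE code and not a vendor patch: an allow-list check on the phone value followed by a bound query parameter. The request key `user_phone`, the `user` table and its columns, and the helper names are assumptions for illustration; the demo assumes PHP 8 with the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);

// Added example, not PHPSHE code. The key `user_phone`, the `user` table,
// its columns and both helper names are assumptions made for illustration.

/**
 * Allow-list check: optional leading "+", then 6 to 15 digits, nothing else.
 * Returns the value unchanged, or null when the input must be rejected.
 */
function validate_user_phone(mixed $raw): ?string
{
    if (!is_string($raw)) {          // array input such as user_phone[]=x is rejected
        return null;
    }
    // \A and \z anchor the whole string; "$" alone would accept a trailing newline.
    return preg_match('/\A\+?[0-9]{6,15}\z/', $raw) === 1 ? $raw : null;
}

/** Look up a user by phone; the value is bound, never concatenated into SQL. */
function find_user_by_phone(PDO $db, mixed $raw): ?array
{
    $phone = validate_user_phone($raw);
    if ($phone === null) {
        return null;                 // reject before touching the database
    }
    $stmt = $db->prepare('SELECT user_id, user_name FROM user WHERE user_phone = :phone');
    $stmt->execute([':phone' => $phone]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT, user_phone TEXT)');
$db->exec("INSERT INTO user (user_name, user_phone) VALUES ('alice', '13800000000')");

// Constructed inputs: one well-formed value and three the allow-list rejects.
$samples = ['13800000000', "13800000000' OR '1'='1", "13800000000\n", ['13800000000']];
foreach ($samples as $input) {
    $row = find_user_by_phone($db, $input);
    echo json_encode($input), ' => ',
        $row === null ? 'rejected or not found' : $row['user_name'], PHP_EOL;
}
```

The allow-list narrows what reaches the query, and the bound parameter keeps the value out of the SQL text even if the pattern is later loosened.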