PT-2019-19762 · Phpshe · Phpshe

Hellos1Ma

Published

2019-03-07

Updated

2019-03-07

CVE-2019-9626

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHPSHE version 1.7

Description The issue allows for SQL Injection in the pintuan id parameter to the /index.php endpoint via the module/index/cart.php file.

Recommendations For PHPSHE version 1.7, consider restricting access to the cart.php module to minimize the risk of exploitation until a patch is available. Avoid using the pintuan id parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-9626

Affected Products

Phpshe

PT-2019-19762 · Phpshe · Phpshe

CVE-2019-9626

Weakness Enumeration

Related Identifiers

Affected Products

References · 3