CVE-2019-9761

Name of the Vulnerable Software and Affected Versions PHPSHE version 1.7

Description A security issue was discovered, allowing unauthorized access to read any file in the system or scan the internal network without authentication. This is due to a call to wechat getxml in the include/plugin/payment/wechat/notify url.php file.

Recommendations For PHPSHE version 1.7, consider restricting access to the notify url.php file until a patch is available. As a temporary workaround, review the wechat getxml function call to minimize potential exploitation risks. At the moment, there is no information about a newer version that contains a fix for this issue.