CVE-2020-19165

Name of the Vulnerable Software and Affected Versions PHPSHE version 1.7

Description The issue is related to SQL injection via the "admin.php?mod=user&userlevel id=1" API endpoint, specifically through the userlevel id[] parameter. This allows for potential exploitation.

Recommendations For PHPSHE version 1.7, consider restricting access to the "admin.php?mod=user&userlevel id=1" API endpoint until a patch is available. As a temporary workaround, avoid using the userlevel id[] parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.