CVE-2020-18215

Name of the Vulnerable Software and Affected Versions: PHPSHE version 1.7

Description: The issue concerns SQL Injection vulnerabilities in the PHPSHE software. Specifically, the vulnerabilities are found in the phpshe/admin.php file and can be exploited via the ad id, menu id, and cashout id parameters. This could allow a remote malicious user to execute arbitrary code.

Recommendations: For PHPSHE version 1.7, as a temporary workaround, consider restricting access to the vulnerable parameters ad id, menu id, and cashout id in the phpshe/admin.php file until a patch is available. Avoid using these parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.