Shodan
Vulnerabilities
Vulnerable Software
Phpshe:  >> Phpshe  Security Vulnerabilities
CVE-2025-3554
A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-04-14
CVE-2025-3553
A vulnerability was found in phpshe 1.8. It has been declared as critical. This vulnerability affects the function pe_delete of the file /admin.php?mod=brand&act=del. The manipulation of the argument brand_id[] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-04-14
CVE-2022-24132
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-30
CVE-2020-18215
Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-02-09
CVE-2020-19165
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-11
CVE-2019-9761
An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-03-14
CVE-2019-9762
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.
CVSS Score
9.8
EPSS Score
0.597
Published
2019-03-14
CVE-2019-9626
PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-03-07
CVE-2019-6707
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.
CVSS Score
7.2
EPSS Score
0.002
Published
2019-01-23
CVE-2019-6708
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.
CVSS Score
7.2
EPSS Score
0.002
Published
2019-01-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved