An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-10-18
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-18
There is a SQL injection in the PHPSHE 1.6 userbank parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-03-22
Page 2