phpshe CVE Vulnerabilities & Metrics

Focus on phpshe vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About phpshe Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with phpshe. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total phpshe CVEs: 12
Earliest CVE date: 22 Mar 2018, 21:29 UTC
Latest CVE date: 30 Mar 2022, 18:15 UTC

Latest CVE reference: CVE-2022-24132

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical phpshe CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.74

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	0
4.0-6.9	6
7.0-8.9	6
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS phpshe CVEs

These are the five CVEs with the highest CVSS scores for phpshe, sorted by severity first and recency.

CVE-2020-18020 phpshe Published on 28 Apr 2021, 14:15 UTC (CVSS: 7.5)
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
CVE-2020-19165 phpshe Published on 11 Dec 2020, 19:15 UTC (CVSS: 7.5)
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.
CVE-2019-9762 phpshe Published on 14 Mar 2019, 02:29 UTC (CVSS: 7.5)
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.
CVE-2019-9626 phpshe Published on 07 Mar 2019, 15:29 UTC (CVSS: 7.5)
PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php.
CVE-2018-18486 phpshe Published on 18 Oct 2018, 21:29 UTC (CVSS: 7.5)
An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter.

All CVEs for phpshe

CVE-2022-24132 phpshe vulnerability CVSS: 5.0 30 Mar 2022, 18:15 UTC

phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.

CVE-2020-18020 phpshe vulnerability CVSS: 7.5 28 Apr 2021, 14:15 UTC

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.

CVE-2020-18215 phpshe vulnerability CVSS: 6.5 09 Feb 2021, 19:15 UTC

Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.

CVE-2020-19165 phpshe vulnerability CVSS: 7.5 11 Dec 2020, 19:15 UTC

PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.

CVE-2019-9762 phpshe vulnerability CVSS: 7.5 14 Mar 2019, 02:29 UTC

A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.

CVE-2019-9761 phpshe vulnerability CVSS: 5.0 14 Mar 2019, 02:29 UTC

An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.

CVE-2019-9626 phpshe vulnerability CVSS: 7.5 07 Mar 2019, 15:29 UTC

PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php.

CVE-2019-6708 phpshe vulnerability CVSS: 6.5 23 Jan 2019, 19:29 UTC

PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.

CVE-2019-6707 phpshe vulnerability CVSS: 6.5 23 Jan 2019, 19:29 UTC

PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.

CVE-2018-18486 phpshe vulnerability CVSS: 7.5 18 Oct 2018, 21:29 UTC

An issue was discovered in PHPSHE 1.7. SQL injection exists via the admin.php?mod=user&act=del user_id[] parameter.

CVE-2018-18485 phpshe vulnerability CVSS: 6.4 18 Oct 2018, 21:29 UTC

An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.

CVE-2018-8943 phpshe vulnerability CVSS: 7.5 22 Mar 2018, 21:29 UTC

There is a SQL injection in the PHPSHE 1.6 userbank parameter.