Skip to main content

Phpshe CVE-2018-8943

CRITICAL
SQL Injection (CWE-89)
2018-03-22 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 22, 2018 - 21:29 nvd
CRITICAL 9.8

DescriptionNVD

There is a SQL injection in the PHPSHE 1.6 userbank parameter.

AnalysisAI

There is a SQL injection in the PHPSHE 1.6 userbank parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. There is a SQL injection in the PHPSHE 1.6 userbank parameter. Affected products include: Phpshe.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

More in Phpshe

View all
CVE-2020-19165 CRITICAL POC
9.8 Dec 11

PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter. Rated critical severity

CVE-2019-9762 CRITICAL POC
9.8 Mar 14

A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. Rated criti

CVE-2019-9626 CRITICAL POC
9.8 Mar 07

PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php. Rated critical severity (CVSS 9.8), this

CVE-2018-18486 CRITICAL POC
9.8 Oct 18

An issue was discovered in PHPSHE 1.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, n

CVE-2022-24132 HIGH POC
7.5 Mar 30

phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the

CVE-2019-9761 HIGH POC
7.5 Mar 14

An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network

CVE-2018-18485 HIGH POC
7.5 Oct 18

An issue was discovered in PHPSHE 1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no au

CVE-2019-6708 HIGH POC
7.2 Jan 23

PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter. Rated high severity (CVSS 7.2), this vulnerabi

CVE-2019-6707 HIGH POC
7.2 Jan 23

PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter. Rated high severity (CVSS 7

CVE-2025-3553 MEDIUM POC
5.3 Apr 14

A vulnerability was found in phpshe 1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, l

CVE-2025-3554 MEDIUM POC
5.3 Apr 14

A vulnerability was found in phpshe 1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, n

Share

CVE-2018-8943 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy