Vulnerability Details CVE-2020-18020
SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "user_phone" parameter of a crafted HTTP request to the "admin.php" component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.104
EPSS Ranking 92.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-18020
-
cpe:2.3:a:phpshe:mall_system:1.7