phpshe SQL Injection Vulnerability in Admin Brand Deletion Function

Vulnerability

A critical SQL injection vulnerability has been identified in phpshe version 1.8. The issue arises in the admin.php file, specifically within the brand deletion function, where the brand_id[] parameter is manipulated. This vulnerability allows remote attackers to inject arbitrary SQL code, bypassing input validation and potentially leading to unauthorized database access, data manipulation, and full system compromise.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries. This could result in unauthorized access to the database, leakage or alteration of sensitive data, complete control over the system, and disruption of services.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

phpshe SQL Injection Vulnerability in Admin Brand Deletion Function

Vulnerability

Impact

Affected Products

phpshe

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating