SQL Injection Vulnerability in phpshe by 灵宝简好网络科技有限公司
CVE-2025-3553
Key Information:
- Vendor: 灵宝简好网络科技有限公司
- Product: PHPshe
- CVE Published: 14 April 2025
Summary
A security flaw has been identified in phpshe 1.8 that allows attackers to execute SQL injection via the pe_delete function in the admin interface. By manipulating the brand_id[] parameter through a crafted request to /admin.php?mod=brand&act=del, an attacker can gain unauthorized access to the database. This vulnerability can be remotely exploited, exposing sensitive data and potentially allowing further system compromise. Organizations using this version of phpshe are advised to review their configurations and apply necessary security patches at their earliest convenience.
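A defensive check for the request described above, as an added example that is not from the advisory or from phpshe: it flags requests to the brand-delete action whose brand_id[] values are not decimal integers. That brand IDs are integers, and that the parameter may arrive in the query string or a form-encoded body, are assumptions; the function name and the sample requests are constructed.

```python
"""Flag brand-delete requests whose brand_id[] values are not plain integers."""
import re
from urllib.parse import parse_qsl, urlsplit

# PHP builds an array from brand_id[], brand_id[0], ...; a bare brand_id is checked too.
ID_KEY = re.compile(r"brand_id(\[[^\]]*\])?")


def _pairs(raw):
    # parse_qsl percent-decodes keys and values; blanks are kept so empty ids are seen.
    return parse_qsl(raw, keep_blank_values=True)


def suspicious_brand_ids(url, body=""):
    """Return the brand_id values that are not decimal integers.

    An empty list means the request is not /admin.php?mod=brand&act=del
    or every id it carries is numeric.
    """
    parts = urlsplit(url)
    query = _pairs(parts.query)
    route = dict(query)
    if not parts.path.endswith("/admin.php"):
        return []
    if route.get("mod") != "brand" or route.get("act") != "del":
        return []
    # Assumption: ids may be sent in the query string or in a form-encoded body.
    values = [v for k, v in query + _pairs(body) if ID_KEY.fullmatch(k)]
    # Assumption: a legitimate brand id is a non-empty run of ASCII digits.
    return [v for v in values if not (v.isascii() and v.isdigit())]


# Constructed sample requests (url, form body); not taken from real traffic.
SAMPLES = [
    ("/admin.php?mod=brand&act=del", "brand_id%5B%5D=3&brand_id%5B%5D=8"),
    ("/admin.php?mod=brand&act=del", "brand_id%5B%5D=3&brand_id%5B%5D=3%27"),
    ("/admin.php?mod=brand&act=del&brand_id[]=abc", ""),
    ("/admin.php?mod=brand&act=list", "brand_id%5B%5D=abc"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        bad = suspicious_brand_ids(url, body)
        print("ALERT" if bad else "ok   ", url, bad)
```

The same allow-list rule (digits only, reject everything else) is what server-side validation of the parameter would enforce before the values reach a query.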
Affected Version(s)
phpshe 1.8
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved