Cross-Site Scripting Vulnerability in phpshe by Lingbao Jianhao Network Technology Co., Ltd.
CVE-2025-3554
Key Information:
- Vendor
- Lingbao Jianhao Network Technology Co., Ltd.
- Status
- PHPshe
- Vendor
- CVE Published:
- 14 April 2025
Badges
Summary
A cross-site scripting vulnerability was discovered in phpshe version 1.8, affecting the API endpoint api.php?mod=cron&act=buyer. The vulnerability arises from improper handling of user inputs in the 'act' parameter, allowing attackers to inject malicious scripts. These scripts can be executed in the context of users interacting with the affected endpoint, potentially leading to unauthorized actions and information theft. Given that the exploit has been publicly disclosed, immediate attention is recommended to mitigate any risks associated with this vulnerability.
Affected Version(s)
phpshe 1.8
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved