CVE-2019-9762
published 2019-03-14

CVE-2019-9762: A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.

Priority: P1 (79), critical, 9.8 (CVSS 3.0)
CVSS 3.0 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploitation: exploited in the wild (ITW); listed in VulnCheck KEV
EPSS: 5.05% (91.2th percentile)

Affected

1 range
Vendor: phpshe
Product: phpshe
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

path: /include/plugin/payment/alipay/pay.php
url: /include/plugin/payment/alipay/pay.php?id=pay%20where%201=1%20union%20select%201,2,CONCAT(md5({{num}})),4,5,6,7,8,9,10,11,12%23_
command: id=pay where 1=1 union select 1,2,CONCAT(md5(999999999)),4,5,6,7,8,9,10,11,12#_
  • Detect unauthenticated SQL injection attempts targeting the `id` parameter of pay.php; look for UNION SELECT payloads in GET requests to this path.
  • A response body from pay.php containing an MD5 hash value (e.g., the md5 of a numeric canary) indicates successful SQL injection exploitation.
  • The vulnerability requires no authentication; any unauthenticated HTTP GET request to the affected endpoint with a crafted `id` parameter is sufficient to exploit it.
  • The FOFA query `app="PHPSHE"` can be used to identify internet-exposed PHPSHE instances for asset discovery.

CVSS provenance

nvd, v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd, v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck: 9.8 CRITICAL