SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the «user_phone» parameter of a crafted HTTP request to the «admin.php» component.
