PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php...
6.1CVSS
6.1AI Score
0.001EPSS
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database"...
7.2CVSS
8.7AI Score
0.001EPSS
Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url...
7.4AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url...
6.3AI Score
0.003EPSS
SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser...
9.3AI Score
0.004EPSS