Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10 matches found

RedhatCVE
RedhatCVEadded 2026/01/07 9:34 a.m.5 views

CVE-2019-7403

An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/databasebackup.php?action=import=deldir=../ URI...

5.5CVSS7.2AI score0.00341EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2019-17192

Malware in sbrugna...

6.1CVSS6.3AI score0.00328EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2021-25860

Malware in sbrugna...

7.2CVSS7AI score0.03282EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2025/05/22 8:12 p.m.3 views

CVE-2021-39503

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

7.2CVSS7.4AI score0.03282EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 4:29 p.m.3 views

CVE-2020-21060

SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page...

8.8CVSS8.2AI score0.00672EPSS
Exploits1
CNVD
CNVDadded 2021/05/28 12:0 a.m.6 views

PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2021-38773)

PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in PHPMyWind v5.5 that allows a remote attacker to execute arbitrary code by injecting script into the component "/admin/webconfig.php" with the parameter...

4.8CVSS7AI score0.00648EPSS
Exploits1References1
CNVD
CNVDadded 2021/05/28 12:0 a.m.5 views

PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2021-38772)

PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in PHPMyWind v5.5, which allows remote attackers to execute arbitrary code by injecting script into the parameter "$cfgcopyright" in the component...

4.8CVSS7.1AI score0.00434EPSS
Exploits1References1
CNVD
CNVDadded 2018/12/25 12:0 a.m.1 views

SQL Injection Vulnerability in PHPMyWind in***_up***.php File

PHPMyWind is a PHP + MySQL based development of W3C standards-compliant site building engine . A SQL injection vulnerability exists in the PHPMyWind inup.php file. An attacker can exploit this vulnerability to obtain sensitive database information...

7.7AI score
Exploits0
CNVD
CNVDadded 2018/09/17 12:0 a.m.2 views

PHPMyWind Arbitrary Code Execution Vulnerability

PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A security vulnerability exists in the admin/webconfig.php file in PHPMyWind version 5.5. The vulnerability can be exploited to execute arbitrary code with the help of the 'cfgauthor' field and the...

7.2CVSS7.5AI score0.00399EPSS
Exploits1References1
seebug.org
seebug.orgadded 2014/07/16 12:0 a.m.178 views

phpmywind 5.0 后台GetShell漏洞

简要描述: 这各漏洞子前被报过,但是厂商的修复不彻底。 详细说明: admin/webcongif.php 的过滤代码如下。 //强制去掉 ' //强制去掉最后一位 / $vartmp = strreplace"'",'',$row'varvalue'; ifsubstr$vartmp, -1 == '\' $vartmp = substr$vartmp,1,-1; 只过滤了最后一位的反斜杠,只需要加两个反斜杠就可以了····· 首先修改网站配置信息 configcache.php中会变成这样 $cfgwebname = '的网站'; $cfgweburl =...

7.1AI score
Exploits0
Rows per page
Query Builder