258 matches found
CVE-2019-7661
An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability...
CVE-2019-7660
PHPMyWind 5.5 is affected by a stored XSS in the username parameter of /install/index.php (as described by CVE-2019-7660). The issue is demonstrated via admin/login.php. Multiple sources (NVD/CNVD/CVE listings) confirm the vulnerability and its basic details; no specifics about mitigations or pat...
CVE-2019-7661
PHPMyWind 5.5 is affected by a reflected XSS in the data/api/oauth/connect.php endpoint (method parameter). CNVD/NVD describe possible leakage of user cookies; CVSS3 base score 6.1 (MEDIUM). No remediation/fix details are provided in the supplied documents.
PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2019-35826)
PHPMyWind is a PHP and MySQL-based, W3C-compliant enterprise website building solution. A cross-site scripting vulnerability exists in the admin/default.php file in PHPMyWind v5.5, which can be exploited by a remote attacker to inject arbitrary Web script or HTML with the help of HTTP...
CVE-2019-8435
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...
Design/Logic Flaw
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...
CVE-2019-8435
CVE-2019-8435 affects PHPMyWind v5.5, with an XSS vulnerability in admin/default.php exploitable via an HTTP Host header. The connected documents confirm the vulnerability and describe the impact as cross-site scripting, enabling arbitrary script/HTML injection when a crafted Host header is proce...
Code injection
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI...
Cross-site request forgery (CSRF)
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF...
CVE-2019-7402
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF...
CVE-2019-7403
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI...
CVE-2019-7403
PHPMyWind 5.5 is affected by CVE-2019-7403 due to an unsafely handled tbname parameter in admin/database_backup.php, allowing remote attackers to delete arbitrary folders via action=deldir and deldir path traversal. Impact is described as potential folder deletion with unauthenticated or limited-...
CVE-2019-7402
The vulnerability CVE-2019-7402 affects PHPMyWind 5.5, where the GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. The issue can be exploited through CSRF. Connected sources (Red Hat) corroborate the same description. No specific vulnerable versions beyond 5.5 are ...
SQL injection vulnerability in PHPMyWind di***_up***.php file
PHPMyWind is a PHP and MySQL-based, W3C standards-compliant site building engine. A SQL injection vulnerability exists in the PHPMyWind diup.php file. An attacker can exploit this vulnerability to obtain sensitive database information...