258 matches found
CVE-2018-17132
admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...
CVE-2018-17131
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field...
Design/Logic Flaw
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...
Code injection
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting...
Design/Logic Flaw
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field...
Code injection
admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...
Design/Logic Flaw
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfgauthor field in conjunction with a crafted cfgwebpath field...
CVE-2018-17130
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,...
CVE-2018-17131
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field...
CVE-2018-17133
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting...
CVE-2018-17134
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfgauthor field in conjunction with a crafted cfgwebpath field...
CVE-2018-17132
admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...
CVE-2018-17131
CVE-2018-17131 affects PHPMyWind 5.5: admin/web_config.php allows an admin to execute arbitrary code via the varvalue field due to improper input handling. This results in arbitrary code execution with admin privileges; CVSS scores indicate MEDIUM to HIGH impact across versions. Exploitation deta...
CVE-2018-17134
CVE-2018-17134 affects PHPMyWind 5.5. The vulnerability is an arbitrary code execution flaw in admin/web_config.php that can be exploited by Admin users through the cfg_author field in combination with a crafted cfg_webpath field. The connected documents corroborate the affected product/version a...
CVE-2018-17132
CVE-2018-17132 affects PHPMyWind 5.5: admin/goods_update.php can be abused by Admin users to execute arbitrary code via the attrvalue[] array parameter. The vulnerability arises from how the parameter is handled, enabling code execution with admin privileges. The connected documents confirm the a...
CVE-2018-17133
CVE-2018-17133 affects PHPMyWind 5.5, where admin/web_config.php allows an Admin user to execute arbitrary code via the rewrite url setting. Root cause is improper handling of URL rewrite configuration leading to code execution with admin privileges. Impact is arbitrary code execution; CVSS notes...
CVE-2018-17130
CVE-2018-17130 affects PHPMyWind 5.5, with a cross-site scripting (XSS) flaw in member.php triggered via the HTTP Referer header. Connected sources (CNVD-2018-19539 and CNVD-derived summaries) describe an attacker-capable scenario where the vulnerability can lead to theft of an administrator cook...
PHPMyWind Arbitrary Code Execution Vulnerability
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A security vulnerability exists in the admin/webconfig.php file in PHPMyWind version 5.5. The vulnerability can be exploited to execute arbitrary code with the help of the 'cfgauthor' field and the...
PHPMyWind Arbitrary Code Execution Vulnerability (CNVD-2018-19543)
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A security vulnerability exists in the admin/webconfig.php file in PHPMyWind version 5.5. The vulnerability can be exploited to execute arbitrary code by rewriting URL settings...
PHPMyWind Arbitrary Code Execution Vulnerability (CNVD-2018-19542)
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A security vulnerability exists in the admin/goodsupdate.php file in PHPMyWind version 5.5. The vulnerability can be exploited to execute arbitrary code with the help of the 'attrvalue' array...