CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

7.2CVSS7.4AI score0.0273EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:29 p.m.•5 views

CVE-2020-21060

SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page...

8.8CVSS8.2AI score0.00919EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:27 p.m.•4 views

CVE-2020-18230

Cross Site Scripting XSS in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgswitchshow" of component " /admin/webconfig.php"...

4.8CVSS6.8AI score0.00984EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:3 p.m.•7 views

CVE-2020-18885

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...

7.2CVSS8.4AI score0.03871EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:47 p.m.•5 views

CVE-2020-21400

SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function...

7.2CVSS8.6AI score0.01127EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:17 p.m.•6 views

CVE-2020-19964

A Cross Site Request Forgery CSRF vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication...

6.5CVSS7AI score0.0064EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:16 p.m.•3 views

CVE-2020-18886

Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/uploadfiledo.php'...

7.2CVSS8.1AI score0.01803EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:16 p.m.•4 views

CVE-2020-18229

Cross Site Scripting XSS in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgcopyright" of component " /admin/webconfig.php"...

4.8CVSS6.8AI score0.00932EPSS

Exploits1

RedhatCVE•added 2025/05/22 8:53 a.m.•5 views

CVE-2019-8435

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...

4.8CVSS5.9AI score0.00583EPSS

Exploits1References1

CNVD•added 2023/06/28 12:0 a.m.•28 views

PHPMyWind SQL Injection Vulnerability (CNVD-2023-64090)

PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A SQL injection vulnerability exists in PHPMyWind v.5.6, which can be exploited by remote attackers to execute arbitrary code via the id variable in the modify function...

7.2CVSS9AI score0.01127EPSS

Exploits1References1

OSV•added 2023/06/20 3:15 p.m.•2 views

CVE-2020-21400

SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function...

7.2CVSS6.1AI score0.01127EPSS

Exploits1References1

CVE•added 2023/06/20 12:0 a.m.•55 views

CVE-2020-21400

CVE-2020-21400 concerns a SQL injection in the PHPMyWind 5.6 web app by gaozhifeng . The vulnerability affects the modify function where an attacker can manipulate the id variable to execute arbitrary code on the server. This is documented across multiple connected sources as a remote, network-ex...

7.2CVSS7.4AI score0.01127EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/06/20 12:0 a.m.•12 views

CVE-2020-21400

SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function...

7.4AI score0.01127EPSS

Exploits1References1

CNNVD•added 2023/06/20 12:0 a.m.•4 views

PHPMyWind SQL注入漏洞

7.2CVSS8.8AI score0.01127EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by