PHPMyWind shoppingcart.php file cross-site scripting vulnerability

PHPMyWind is a set of PHP and MySQL-based, W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in the PHPMyWind shoppingcart.php file, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used...

SQL Injection Vulnerability in PHPMyWind sysevent.php File

PHPMyWind is a PHP MySQL-based development , W3C-compliant building engine . A SQL injection vulnerability exists in the PHPMyWind sysevent.php file. The vulnerability is due to the system siteid parameter does not filter the data submitted by the user, a remote attacker can exploit the...

CVE-2017-12984

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/messageupdate.php...

Design/Logic Flaw

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/messageupdate.php...

CVE-2017-12984

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/messageupdate.php...

CVE-2017-12984

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/messageupdate.php...

CVE-2017-12984

PHPMyWind 5.3 is affected by a cross-site scripting (XSS) vulnerability in shoppingcart.php, with related exposure through message.php and admin/message*. The CVE-2017-12984 entry confirms XSS in shoppingcart.php and references associated files (message.php, admin/message.php, admin/message_updat...

phpmywind <=5.4 version of the backstage blind official website demo to verify

No description provided by source...

PHPMyWind 5.3 Cross Site Scripting

Exploit Titlei1/4PHPMyWind 5.3 has XSS Exploit Author:adege" Vendor Homepage:http://phpmywind.com Software Link:http://phpmywind.com/downloads/PHPMyWind5.3.zip Version:5.3 CVE:CVE-2017-12984 $r= $dosql-GetOne"SELECT Maxorderid AS orderid FROM @message"; $orderid= empty$r'orderid' ? 1 : $r'orderid...

PHPMyWind 5.3 - Cross-Site Scripting

PHPMyWind 5.3 - Cross-Site Scripting Exploit Title：PHPMyWind 5.3 has XSS Exploit Author:小雨 Vendor Homepage:http://phpmywind.com Software Link:http://phpmywind.com/downloads/PHPMyWind5.3.zip Version:5.3 CVE:CVE-2017-12984 $r= $dosql-GetOne"SELECT Maxorderid AS orderid FROM @message"; $orderid=...

PHPMyWind 5.3 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title：PHPMyWind 5.3 has XSS Vendor Homepage:http://phpmywind.com Software Link:http://phpmywind.com/downloads/PHPMyWind5.3.zip Version:5.3 CVE:CVE-2017-12984 $r= $dosql-GetOne"SELECT Maxorderid AS orderid FROM @message"; $orderid=...

PHPMyWind 5.3 - Cross-Site Scripting

Exploit Title：PHPMyWind 5.3 has XSS Exploit Author:小雨 Vendor Homepage:http://phpmywind.com Software Link:http://phpmywind.com/downloads/PHPMyWind5.3.zip Version:5.3 CVE:CVE-2017-12984 $r= $dosql-GetOne"SELECT Maxorderid AS orderid FROM @message"; $orderid= empty$r'orderid' ? 1 : $r'orderid' + 1;...

Arbitrary code writing vulnerability in phpmywind cms

PHPMyWind is a PHP MySQL-based development , W3C-compliant building engine . An arbitrary code write vulnerability exists in phpmywind cms, which can be exploited by attackers to gain service privileges...

PHPMyWind v5. 4 background arbitrary file deletion

No description provided by source...

phpmywind 前台留言处存储型XSS漏洞

No description provided by source...

phpmywind admin/infoclass_save.php第二处sql注入

No description provided by source...

phpmywind /admin/paymode_save.php sql注入

No description provided by source...

phpmywind admin路径下多处sql注入

No description provided by source...

phpMyWind v5.3 /goodsshow.php 代码执行

No description provided by source...

PHPMyWind 5.0后台管理界面的SQL注入漏洞

No description provided by source...