258 matches found
CVE-2020-21400
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function...
CVE-2020-21060
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page...
CVE-2020-21060
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page...
Sql injection
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page...
PHPMyWind SQL注入漏洞
PHPMyWind is an enterprise website building solution based on PHP and MySQL and compliant with W3C standards. A security vulnerability exists in PHPMyWind version v.5.6. A remote attacker can exploit this vulnerability to gain privileges via the delete function on the administrator management pag...
PT-2023-11574 · Phpmywind · Phpmywind
Name of the Vulnerable Software and Affected Versions: PHPMyWind version 5.6 Description: A SQL injection issue allows a remote attacker to gain privileges via the delete function of the administrator management page. Recommendations: For PHPMyWind version 5.6, update to a version that includes a...
CVE-2020-21060
PHPMyWind 5.6 is affected by a SQL injection vulnerability in the administrator management page’s delete function, allowing remote attackers with low privileges to gain elevated access. Root cause: improper input handling in the delete operation enables arbitrary SQL execution, leading to potenti...
CVE-2020-21060
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page...
PHPMyWind Cross-Site Request Forgery Vulnerability
PHPMyWind is a W3C-compliant website building engine developed on PHP MySQL. PHPMyWind version 5.6 is vulnerable to cross-site request forgery. An attacker can use this vulnerability to create a new administrator account without authentication...
CVE-2020-19964
A Cross Site Request Forgery CSRF vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication...
CVE-2020-19964
A Cross Site Request Forgery CSRF vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication...
Cross site request forgery (csrf)
A Cross Site Request Forgery CSRF vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication...
CVE-2020-19964
CVE-2020-19964 concerns a CSRF vulnerability in PHPMyWind 5.6. The vulnerability allows an unauthenticated attacker to create a new administrator account, representing a potential elevation of privileges risk for affected deployments. The available connected sources consistently describe the flaw...
CVE-2020-19964
A Cross Site Request Forgery CSRF vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication...
PHPMyWind 跨站请求伪造漏洞
PHPMyWind is a W3C-compliant website building engine developed on PHP MySQL. PHPMyWind version 5.6 is vulnerable to cross-site request forgery. An attacker can use this vulnerability to create a new administrator account without authentication...
PHPMyWind Remote Code Execution (CVE-2021-39503)
A remote code execution vulnerability exists in PHPMyWind. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2021-39503
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...
CVE-2021-39503
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...
Remote code execution
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...
CVE-2021-39503
Summary: CVE-2021-39503 affects PHPMyWind 5.6, enabling Remote Code Execution through a write-time input filter weakness. The vulnerability arises in the WriteConfig() function where input is not properly sanitized of ", ?, =, `" etc., allowing an attacker to inject PHP code into the /include/con...