258 matches found
CVE-2021-39503
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...
PHPMyWind 代码注入漏洞
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A code injection vulnerability exists in PHPMyWind version 5.6, which can be triggered by injecting php code into the file "/include/config.cache.php"...
CVE-2020-18886
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/uploadfiledo.php'...
CVE-2020-18885
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...
CVE-2020-18885
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...
CVE-2020-18886
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/uploadfiledo.php'...
Unrestricted file upload
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/uploadfiledo.php'...
Command injection
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...
CVE-2020-18886
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/uploadfiledo.php'...
CVE-2020-18886
CVE-2020-18886 affects PHPMyWind v5.6 and is caused by an Unrestricted File Upload in the admin/upload_file_do.php component. The provided documents indicate that remote attackers can execute arbitrary code due to this upload vulnerability. No mitigation or fixed version is stated in the connecte...
CVE-2020-18885
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...
CVE-2020-18885
CVE-2020-18885 affects PHPMyWind v5.6, with a command injection vulnerability in the admin/web_config.php component that allows remote attackers to execute arbitrary code via the text color field. Multiple connected sources corroborate the flaw and its impact on remote code execution. Public deta...
PHPMyWind 命令注入漏洞
PHPMyWind is a PHP and MySQL based and W3C compliant solution for building enterprise websites. A command injection vulnerability exists in PHPMyWind, which originates from a command injection in PHPMyWind v5.6. The vulnerability can be exploited to execute arbitrary code via the "text color" fie...
PHPMyWind代码问题漏洞
PHPMyWind is a W3C-compliant enterprise website building solution based on PHP and MySQL. A code issue vulnerability exists in PHPMyWind, which stems from the presence of "Unrestricted File Upload" in PHPMyWind v5.6. The vulnerability can be exploited to execute arbitrary code via the component...
PT-2021-10249 · Phpmywind · Phpmywind
Name of the Vulnerable Software and Affected Versions: PHPMyWind version 5.6 Description: The issue allows remote attackers to execute arbitrary code via the "text color" field of the component "/admin/web config.php". Recommendations: For PHPMyWind version 5.6, consider disabling access to the...
PHPMyWind Cross Site Scripting (CVE-2020-18229)
A cross site scripting vulnerability exists in PHPMyWind. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2021-38773)
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in PHPMyWind v5.5 that allows a remote attacker to execute arbitrary code by injecting script into the component "/admin/webconfig.php" with the parameter...
PHPMyWind Cross-Site Scripting Vulnerability (CNVD-2021-38772)
PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A cross-site scripting vulnerability exists in PHPMyWind v5.5, which allows remote attackers to execute arbitrary code by injecting script into the parameter "$cfgcopyright" in the component...
CVE-2020-18229
Cross Site Scripting XSS in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgcopyright" of component " /admin/webconfig.php"...
CVE-2020-18230
Cross Site Scripting XSS in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgswitchshow" of component " /admin/webconfig.php"...