Phpmywind Security Vulnerabilities
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify...
7.2CVSS
7.4AI Score
0.001EPSS
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management...
8.8CVSS
8.9AI Score
0.001EPSS
4.8CVSS
4.9AI Score
0.001EPSS
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via...
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../...
4.9CVSS
5.3AI Score
0.001EPSS
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without...
6.5CVSS
6.4AI Score
0.001EPSS
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php...
7.2CVSS
7.1AI Score
0.005EPSS
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component...
7.2CVSS
7.4AI Score
0.008EPSS
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component...
7.2CVSS
7.5AI Score
0.002EPSS
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component "...
4.8CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component "...
4.8CVSS
5.4AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.001EPSS
4.8CVSS
5.1AI Score
0.001EPSS
An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS)...
6.1CVSS
6AI Score
0.001EPSS
An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by...
6.1CVSS
5.9AI Score
0.001EPSS
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array...
7.2CVSS
7.3AI Score
0.001EPSS
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue...
7.2CVSS
7.3AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url...
7.2CVSS
7.3AI Score
0.001EPSS
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath...
7.2CVSS
7.2AI Score
0.001EPSS
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or...
6.1CVSS
5.9AI Score
0.001EPSS
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and...
6.1CVSS
5.9AI Score
0.001EPSS