Lucene search

K

Phpmywind Security Vulnerabilities

cve
cve

CVE-2020-21400

SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify...

7.2CVSS

7.4AI Score

0.001EPSS

2023-06-20 03:15 PM
16
cve
cve

CVE-2020-21060

SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management...

8.8CVSS

8.9AI Score

0.001EPSS

2023-04-04 03:15 PM
9
cve
cve

CVE-2019-8435

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host...

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:19 PM
19
cve
cve

CVE-2019-7402

An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via...

6.1CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:19 PM
17
cve
cve

CVE-2019-7403

An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../...

4.9CVSS

5.3AI Score

0.001EPSS

2022-10-03 04:19 PM
18
cve
cve

CVE-2020-19964

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without...

6.5CVSS

6.4AI Score

0.001EPSS

2021-10-14 03:15 PM
17
cve
cve

CVE-2021-39503

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php...

7.2CVSS

7.1AI Score

0.005EPSS

2021-09-07 08:15 PM
29
cve
cve

CVE-2020-18886

Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component...

7.2CVSS

7.4AI Score

0.008EPSS

2021-08-20 02:15 PM
21
cve
cve

CVE-2020-18885

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component...

7.2CVSS

7.5AI Score

0.002EPSS

2021-08-20 02:15 PM
27
3
cve
cve

CVE-2020-18229

Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component "...

4.8CVSS

5.3AI Score

0.001EPSS

2021-05-27 04:15 PM
20
2
cve
cve

CVE-2020-18230

Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component "...

4.8CVSS

5.4AI Score

0.001EPSS

2021-05-27 04:15 PM
17
3
cve
cve

CVE-2019-16703

admin/infolist_add.php in PHPMyWind 5.6 has stored...

6.1CVSS

6.2AI Score

0.001EPSS

2019-09-23 04:15 AM
132
cve
cve

CVE-2019-16704

admin/infoclass_update.php in PHPMyWind 5.6 has stored...

4.8CVSS

5.1AI Score

0.001EPSS

2019-09-23 04:15 AM
138
cve
cve

CVE-2019-7661

An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS)...

6.1CVSS

6AI Score

0.001EPSS

2019-03-07 11:29 PM
18
cve
cve

CVE-2019-7660

An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by...

6.1CVSS

5.9AI Score

0.001EPSS

2019-03-07 11:29 PM
16
cve
cve

CVE-2018-17132

admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array...

7.2CVSS

7.3AI Score

0.001EPSS

2018-09-17 04:29 AM
22
cve
cve

CVE-2018-17131

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue...

7.2CVSS

7.3AI Score

0.001EPSS

2018-09-17 04:29 AM
19
cve
cve

CVE-2018-17130

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer...

5.4CVSS

5.2AI Score

0.001EPSS

2018-09-17 04:29 AM
19
cve
cve

CVE-2018-17133

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url...

7.2CVSS

7.3AI Score

0.001EPSS

2018-09-17 04:29 AM
19
cve
cve

CVE-2018-17134

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath...

7.2CVSS

7.2AI Score

0.001EPSS

2018-09-17 04:29 AM
17
cve
cve

CVE-2018-11487

PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or...

6.1CVSS

5.9AI Score

0.001EPSS

2018-05-26 03:29 PM
16
cve
cve

CVE-2017-12984

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and...

6.1CVSS

5.9AI Score

0.001EPSS

2017-08-21 07:29 AM
33