Phpmywind

phpmywind

22 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Phpmywind

phpmywind

22 CVEs

CVEs (22)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-21400 1Phpmywind 1Phpmywind Dec 10, 2024 Jun 20, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.
CVE-2020-21060 1Phpmywind 1Phpmywind Feb 13, 2025 Apr 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.
CVE-2020-19964 1Phpmywind 1Phpmywind Nov 21, 2024 Oct 14, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
CVE-2021-39503 1Phpmywind 1Phpmywind Nov 21, 2024 Sep 7, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.
CVE-2020-18886 1Phpmywind 1Phpmywind Nov 21, 2024 Aug 20, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.
CVE-2020-18885 1Phpmywind 1Phpmywind Nov 21, 2024 Aug 20, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
CVE-2020-18230 1Phpmywind 1Phpmywind Nov 21, 2024 May 27, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".
CVE-2020-18229 1Phpmywind 1Phpmywind Nov 21, 2024 May 27, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".
CVE-2019-16704 1Phpmywind 1Phpmywind Nov 21, 2024 Sep 23, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.
CVE-2019-16703 1Phpmywind 1Phpmywind Nov 21, 2024 Sep 23, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.
CVE-2019-7661 1Phpmywind 1Phpmywind Nov 21, 2024 Mar 7, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.
CVE-2019-7660 1Phpmywind 1Phpmywind Nov 21, 2024 Mar 7, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.
CVE-2019-8435 1Phpmywind 1Phpmywind Nov 21, 2024 Feb 18, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
CVE-2019-7403 1Phpmywind 1Phpmywind Nov 21, 2024 Feb 5, 2019 N/A· v4 4.9 MEDIUM· v3 5.5 MEDIUM· v2 An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.
CVE-2019-7402 1Phpmywind 1Phpmywind Nov 21, 2024 Feb 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.
CVE-2018-17134 1Phpmywind 1Phpmywind Nov 21, 2024 Sep 17, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
CVE-2018-17133 1Phpmywind 1Phpmywind Nov 21, 2024 Sep 17, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
CVE-2018-17132 1Phpmywind 1Phpmywind Nov 21, 2024 Sep 17, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
CVE-2018-17131 1Phpmywind 1Phpmywind Nov 21, 2024 Sep 17, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
CVE-2018-17130 1Phpmywind 1Phpmywind Nov 21, 2024 Sep 17, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,

12 Next