mywebsql vulnerabilities and exploits

4.3
CVSSv2
CVE-2019-7661

An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability....

Phpmywind
4.3
CVSSv2
CVE-2019-7660

An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php....

Phpmywind
4.3
CVSSv2
CVE-2019-7748

_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists....

Dbninja
6.8
CVSSv2
CVE-2019-7747

DbNinja 3.2.7 allows session fixation via the data.php sessid parameter....

Dbninja
4.9
CVSSv2
CVE-2019-7730

MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI....

Mywebsql
7.5
CVSSv2
CVE-2019-7731

MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file....

Mywebsql
3.5
CVSSv2
CVE-2019-7547

An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS....

TopnewSidu
4.3
CVSSv2
CVE-2019-7543

In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability....

KindsoftKindeditor
3.5
CVSSv2
CVE-2019-7544

An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field....

Mywebsql
3.5
CVSSv2
CVE-2019-7545

In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field....

Dbninja