Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmywind vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2020-18885
Command Injection in PHPMyWind v5.6 allows remote malicious users to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
Phpmywind Phpmywind 5.6
7.2
CVSSv3
CVE-2020-18886
Unrestricted File Upload in PHPMyWind v5.6 allows remote malicious users to execute arbitrary code via the component 'admin/upload_file_do.php'.
Phpmywind Phpmywind 5.6
4.8
CVSSv3
CVE-2020-18229
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote malicious users to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".
Phpmywind Phpmywind 5.5
4.8
CVSSv3
CVE-2020-18230
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote malicious users to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".
Phpmywind Phpmywind 5.5
6.1
CVSSv3
CVE-2018-11487
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
Phpmywind Phpmywind 5.5
8.8
CVSSv3
CVE-2020-21060
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote malicious user to gain privileges via the delete function of the administrator management page.
Phpmywind Phpmywind 5.6
6.5
CVSSv3
CVE-2020-19964
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPMyWind 5.6 which allows malicious users to create a new administrator account without authentication.
Phpmywind Phpmywind 5.6
7.2
CVSSv3
CVE-2021-39503
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.
Phpmywind Phpmywind 5.6
4.8
CVSSv3
CVE-2019-8435
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
Phpmywind Phpmywind 5.5
6.1
CVSSv3
CVE-2017-12984
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
Phpmywind Phpmywind 5.3
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »