Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmywind vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-7661
An issue exists in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.
Phpmywind Phpmywind
4.3
CVSSv2
CVE-2019-7660
An issue exists in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.
Phpmywind Phpmywind
3.5
CVSSv2
CVE-2018-17130
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,
Phpmywind Phpmywind 5.5
6.5
CVSSv2
CVE-2018-17132
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
Phpmywind Phpmywind 5.5
6.5
CVSSv2
CVE-2018-17133
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
Phpmywind Phpmywind 5.5
4.3
CVSSv2
CVE-2017-12984
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
Phpmywind Phpmywind 5.3
1 EDB exploit
3.5
CVSSv2
CVE-2020-18230
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote malicious users to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".
Phpmywind Phpmywind 5.5
6.5
CVSSv2
CVE-2018-17134
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
Phpmywind Phpmywind 5.5
NA
CVE-2020-21060
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote malicious user to gain privileges via the delete function of the administrator management page.
Phpmywind Phpmywind 5.6
NA
CVE-2020-21400
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote malicious user to execute arbitrary code via the id variable in the modify function.
Phpmywind Phpmywind 5.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29758
CVE-2023-42931
unauthorized
CVE-2024-1540
unprivileged
CVE-2023-24955
CVE-2024-20259
logic flaw
CVE-2024-20333
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »