Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpmywind vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2018-17132
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
Phpmywind Phpmywind 5.5
578
VMScore
CVE-2018-17134
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
Phpmywind Phpmywind 5.5
NA
CVE-2020-21400
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote malicious user to execute arbitrary code via the id variable in the modify function.
Phpmywind Phpmywind 5.6
NA
CVE-2020-21060
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote malicious user to gain privileges via the delete function of the administrator management page.
Phpmywind Phpmywind 5.6
312
VMScore
CVE-2019-8435
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
Phpmywind Phpmywind 5.5
383
VMScore
CVE-2018-11487
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
Phpmywind Phpmywind 5.5
383
VMScore
CVE-2019-7402
An issue exists in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.
Phpmywind Phpmywind 5.5
490
VMScore
CVE-2019-7403
An issue exists in PHPMyWind 5.5. It allows remote malicious users to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.
Phpmywind Phpmywind 5.5
383
VMScore
CVE-2020-19964
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPMyWind 5.6 which allows malicious users to create a new administrator account without authentication.
Phpmywind Phpmywind 5.6
578
VMScore
CVE-2021-39503
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.
Phpmywind Phpmywind 5.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »