6.1
CVSSv3

CVE-2017-12984

Published: 21/08/2017 Updated: 06/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.

Affected Products

Vendor Product Versions
PhpmywindPhpmywind5.3

Exploits

Exploit Title:PHPMyWind 53 has XSS Exploit Author:小雨 Vendor Homepage:phpmywindcom Software Link:phpmywindcom/downloads/PHPMyWind_53zip Version:53 CVE:CVE-2017-12984 $r= $dosql->GetOne("SELECT Max(orderid) AS orderid FROM `#@__message`"); $orderid= (empty($r['orderid']) ? 1 : ($r['orderid'] + 1)); ...

Mailing Lists

Exploit Titlei1/4PHPMyWind 53 has XSSExploit Author:adege"Vendor Homepage:phpmywindcomSoftware Link:phpmywindcom/downloads/PHPMyWind_53zipVersion:53CVE:CVE-2017-12984 $r= $dosql->GetOne("SELECT Max(orderid) AS orderid FROM `#@__message`"); $orderid= (empty($r['orderid']) ? 1 : ($r['orderid'] + 1)); ...