Published: 07/03/2019 Updated: 08/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.

Vulnerability Trend

Github Repositories

This our note

Architecture These exploit of CVEs is together with my colleagues CVE ID Attack Vector Product Reference CVE-2019-7748 Broken Authentication DbNinja [1][2] CVE-2019-7747 Broken Authentication DbNinja [1][2] CVE-2019-7731 Remote Code Execution (RCE) MyWebSQL [1][2] CVE-2019-7730 Cross-site request forgery (CSRF) MyWebSQL [1][2] CVE-2019-7661 (Wait for Published)