phpmywind

Top products

The 15 most recently published vulnerabilities affecting phpmywind.

• CVE-2020-21400SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.7.2Jun 20, 2023
• CVE-2020-21060SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.8.8Apr 4, 2023
• CVE-2020-19964A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.6.5Oct 14, 2021
• CVE-2021-39503PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php f...7.2Sep 7, 2021
• CVE-2020-18886Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.7.2Aug 20, 2021
• CVE-2020-18885Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.7.2Aug 20, 2021
• CVE-2020-18229Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".4.8May 27, 2021
• CVE-2020-18230Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".4.8May 27, 2021
• CVE-2019-16704admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.4.8Sep 23, 2019
• CVE-2019-16703admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.6.1Sep 23, 2019
• CVE-2019-7661An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.6.1Mar 7, 2019
• CVE-2019-7660An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.6.1Mar 7, 2019
• CVE-2019-8435admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.4.8Feb 18, 2019
• CVE-2019-7403An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.4.9Feb 5, 2019
• CVE-2019-7402An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg&#95;qqcode parameter. This can be exploited via CSRF.6.1Feb 5, 2019