Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Phpmywind Subscribe
Filtered by product Phpmywind
Total 20 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-18885 1 Phpmywind 1 Phpmywind 2022-09-20 6.5 MEDIUM 7.2 HIGH
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
CVE-2020-19964 1 Phpmywind 1 Phpmywind 2021-10-19 4.3 MEDIUM 6.5 MEDIUM
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
CVE-2021-39503 1 Phpmywind 1 Phpmywind 2021-09-14 6.5 MEDIUM 7.2 HIGH
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.
CVE-2020-18886 1 Phpmywind 1 Phpmywind 2021-08-24 6.5 MEDIUM 7.2 HIGH
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.
CVE-2020-18229 1 Phpmywind 1 Phpmywind 2021-05-28 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".
CVE-2020-18230 1 Phpmywind 1 Phpmywind 2021-05-28 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".
CVE-2019-7403 1 Phpmywind 1 Phpmywind 2020-08-24 5.5 MEDIUM 4.9 MEDIUM
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.
CVE-2019-7402 1 Phpmywind 1 Phpmywind 2020-08-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg&#95;qqcode parameter. This can be exploited via CSRF.
CVE-2019-16703 1 Phpmywind 1 Phpmywind 2019-09-23 4.3 MEDIUM 6.1 MEDIUM
admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.
CVE-2019-16704 1 Phpmywind 1 Phpmywind 2019-09-23 3.5 LOW 4.8 MEDIUM
admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.
CVE-2019-7660 1 Phpmywind 1 Phpmywind 2019-03-08 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.
CVE-2019-7661 1 Phpmywind 1 Phpmywind 2019-03-08 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.
CVE-2019-8435 1 Phpmywind 1 Phpmywind 2019-02-20 3.5 LOW 4.8 MEDIUM
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
CVE-2018-17131 1 Phpmywind 1 Phpmywind 2018-11-01 6.5 MEDIUM 7.2 HIGH
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
CVE-2018-17132 1 Phpmywind 1 Phpmywind 2018-11-01 6.5 MEDIUM 7.2 HIGH
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
CVE-2018-17133 1 Phpmywind 1 Phpmywind 2018-11-01 6.5 MEDIUM 7.2 HIGH
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
CVE-2018-17134 1 Phpmywind 1 Phpmywind 2018-11-01 6.5 MEDIUM 7.2 HIGH
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
CVE-2018-17130 1 Phpmywind 1 Phpmywind 2018-11-01 3.5 LOW 5.4 MEDIUM
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,
CVE-2018-11487 1 Phpmywind 1 Phpmywind 2018-06-27 4.3 MEDIUM 6.1 MEDIUM
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
CVE-2017-12984 1 Phpmywind 1 Phpmywind 2017-09-05 4.3 MEDIUM 6.1 MEDIUM
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.