Filtered by vendor Phpmywind
Subscriptions
Filtered by product Phpmywind
Subscriptions
Total
22 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-18230 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 4.8 Medium |
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". | ||||
CVE-2021-39503 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 7.2 High |
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file. |