Filtered by vendor Phpmywind
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7403 | 1 Phpmywind | 1 Phpmywind | 2024-09-17 | N/A |
| An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI. | ||||
| CVE-2019-7402 | 1 Phpmywind | 1 Phpmywind | 2024-09-16 | N/A |
| An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. | ||||
| CVE-2019-8435 | 1 Phpmywind | 1 Phpmywind | 2024-09-16 | N/A |
| admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | ||||
| CVE-2017-12984 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | ||||
| CVE-2018-17133 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. | ||||
| CVE-2018-17131 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. | ||||
| CVE-2018-17132 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. | ||||
| CVE-2018-17134 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. | ||||
| CVE-2018-17130 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, | ||||
| CVE-2018-11487 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | N/A |
| PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. | ||||
| CVE-2019-16704 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | 4.8 Medium |
| admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | ||||
| CVE-2019-16703 | 1 Phpmywind | 1 Phpmywind | 2024-08-05 | 6.1 Medium |
| admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | ||||
| CVE-2019-7660 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | N/A |
| An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php. | ||||
| CVE-2019-7661 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | N/A |
| An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability. | ||||
| CVE-2020-21400 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 7.2 High |
| SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. | ||||
| CVE-2020-21060 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 8.8 High |
| SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. | ||||
| CVE-2020-19964 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 6.5 Medium |
| A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. | ||||
| CVE-2020-18885 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 7.2 High |
| Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. | ||||
| CVE-2020-18886 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 7.2 High |
| Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. | ||||
| CVE-2020-18229 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 4.8 Medium |
| Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". | ||||