Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Phpmywind
(Phpmywind)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 22 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-06-20 | CVE-2020-21400 | SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. | Phpmywind | 7.2 | ||
2023-04-04 | CVE-2020-21060 | SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. | Phpmywind | 8.8 | ||
2021-08-20 | CVE-2020-18885 | Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. | Phpmywind | 7.2 | ||
2021-10-14 | CVE-2020-19964 | A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. | Phpmywind | 6.5 | ||
2021-09-07 | CVE-2021-39503 | PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file. | Phpmywind | 7.2 | ||
2021-08-20 | CVE-2020-18886 | Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. | Phpmywind | 7.2 | ||
2021-05-27 | CVE-2020-18229 | Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". | Phpmywind | 4.8 | ||
2021-05-27 | CVE-2020-18230 | Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". | Phpmywind | 4.8 | ||
2019-09-23 | CVE-2019-16704 | admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | Phpmywind | N/A | ||
2019-09-23 | CVE-2019-16703 | admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | Phpmywind | N/A |