Product:

Phpmywind

(Phpmywind)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 22
Date Id Summary Products Score Patch Annotated
2023-06-20 CVE-2020-21400 SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. Phpmywind 7.2
2023-04-04 CVE-2020-21060 SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. Phpmywind 8.8
2021-08-20 CVE-2020-18885 Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. Phpmywind 7.2
2021-10-14 CVE-2020-19964 A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. Phpmywind 6.5
2021-09-07 CVE-2021-39503 PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file. Phpmywind 7.2
2021-08-20 CVE-2020-18886 Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. Phpmywind 7.2
2021-05-27 CVE-2020-18229 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". Phpmywind 4.8
2021-05-27 CVE-2020-18230 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". Phpmywind 4.8
2019-09-23 CVE-2019-16704 admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. Phpmywind N/A
2019-09-23 CVE-2019-16703 admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. Phpmywind N/A