Known Vulnerabilities for products from Phpmywind

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Phpmywind".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-39503 PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() ... 7.2 - HIGH 2021-09-07 2021-09-14
CVE-2020-19964 A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new admi... 6.5 - MEDIUM 2021-10-14 2021-10-19
CVE-2020-18886 Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_... 7.2 - HIGH 2021-08-20 2021-08-24
CVE-2020-18885 Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the compo... 7.2 - HIGH 2021-08-20 2021-08-24
CVE-2020-18230 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the ... 4.8 - MEDIUM 2021-05-27 2021-05-28
CVE-2020-18229 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the ... 4.8 - MEDIUM 2021-05-27 2021-05-28
CVE-2019-16704 admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. 4.8 - MEDIUM 2019-09-23 2019-09-23
CVE-2019-16703 admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. 6.1 - MEDIUM 2019-09-23 2019-09-23
CVE-2019-8435 admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. 4.8 - MEDIUM 2019-02-18 2019-02-20
CVE-2019-7661 An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-s... 6.1 - MEDIUM 2019-03-07 2019-03-08
CVE-2019-7660 An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scrip... 6.1 - MEDIUM 2019-03-07 2019-03-08
CVE-2019-7403 An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup... 4.9 - MEDIUM 2019-02-05 2020-08-24
CVE-2019-7402 An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode para... 6.1 - MEDIUM 2019-02-05 2020-08-24
CVE-2018-17134 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction wi... 7.2 - HIGH 2018-09-17 2018-11-01
CVE-2018-17133 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. 7.2 - HIGH 2018-09-17 2018-11-01
CVE-2018-17132 admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. 7.2 - HIGH 2018-09-17 2018-11-01
CVE-2018-17131 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. 7.2 - HIGH 2018-09-17 2018-11-01
CVE-2018-17130 PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, 5.4 - MEDIUM 2018-09-17 2018-11-01
CVE-2018-11487 PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. 6.1 - MEDIUM 2018-05-26 2018-06-27
CVE-2017-12984 PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. 6.1 - MEDIUM 2017-08-21 2017-09-06

Known software with vulnerabilities from Phpmywind

Type Vendor Product Version
ApplicationPhpmywindPhpmywind2.1.0

Popular searches for "Phpmywind"

PHPMyWind 首页

phpmywind.com

MyWind MyWind HP MySQLW3C PHPMyWind

2015 Israeli legislative election 1999 Israeli general election 2003 World Championships in Athletics Saturday Night Live (season 15) 15& 20 (number) 15th arrondissement of Paris Route 20 (MTA Maryland) Route 15 (MTA Maryland) The Simpsons (season 15) 20th arrondissement of Paris The Simpsons (season 20) Division No. 15, Saskatchewan 15 2003 Green Bay Packers season British Rail Class 03 British Rail Class 20

Phpmywind / PHPMyWind 首页>

phpmywind.com.siteindices.com

Phpmywind / PHPMyWind > MyWind HP MySQLW3C PHPMyWind Check phpmywind H F D valuation, traffic estimations and owner info. Full analysis about phpmywind

WHOIS Alexa Internet .com Domain name registrar Valuation (finance) Revenue Google Ads IP address Component Object Model Domain name Server (computing) Unique user Web server Index term McAfee SiteAdvisor Target Corporation Windows Registry URL Name server Greenwich Mean Time