Vulnerabilities > Phpmywind

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-20	CVE-2020-21400	SQL Injection vulnerability in PHPmywind 5.6 SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. network low complexity phpmywind CWE-89	7.2
2023-04-04	CVE-2020-21060	SQL Injection vulnerability in PHPmywind 5.6 SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. network low complexity phpmywind CWE-89	8.8
2021-10-14	CVE-2020-19964	Cross-Site Request Forgery (CSRF) vulnerability in PHPmywind 5.6 A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. network low complexity phpmywind CWE-352	6.5
2021-09-07	CVE-2021-39503	Code Injection vulnerability in PHPmywind 5.6 PHPMyWind 5.6 is vulnerable to Remote Code Execution. network low complexity phpmywind CWE-94	7.2
2021-08-20	CVE-2020-18885	Command Injection vulnerability in PHPmywind 5.6 Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. network low complexity phpmywind CWE-77	7.2
2021-08-20	CVE-2020-18886	Unrestricted Upload of File with Dangerous Type vulnerability in PHPmywind 5.6 Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. network low complexity phpmywind CWE-434	7.2
2021-05-27	CVE-2020-18229	Cross-site Scripting vulnerability in PHPmywind 5.5 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". network low complexity phpmywind CWE-79	4.8
2021-05-27	CVE-2020-18230	Cross-site Scripting vulnerability in PHPmywind 5.5 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". network low complexity phpmywind CWE-79	4.8
2019-09-23	CVE-2019-16704	Cross-site Scripting vulnerability in PHPmywind 5.6 admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. network low complexity phpmywind CWE-79	4.8
2019-09-23	CVE-2019-16703	Cross-site Scripting vulnerability in PHPmywind 5.6 admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. network low complexity phpmywind CWE-79	6.1

Vulnerabilities > Phpmywind {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Phpmywind"}]}

Vulnerabilities > Phpmywind