Vulnerabilities > Phpmywind

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2020-19964 Cross-Site Request Forgery (CSRF) vulnerability in PHPmywind 5.6
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
network
phpmywind CWE-352
4.3
2021-09-07 CVE-2021-39503 Code Injection vulnerability in PHPmywind 5.6
PHPMyWind 5.6 is vulnerable to Remote Code Execution.
network
low complexity
phpmywind CWE-94
6.5
2021-08-20 CVE-2020-18885 Command Injection vulnerability in PHPmywind 5.6
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
network
low complexity
phpmywind CWE-77
6.5
2021-08-20 CVE-2020-18886 Unrestricted Upload of File with Dangerous Type vulnerability in PHPmywind 5.6
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.
network
low complexity
phpmywind CWE-434
6.5
2021-05-27 CVE-2020-18229 Cross-site Scripting vulnerability in PHPmywind 5.5
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".
network
phpmywind CWE-79
3.5
2021-05-27 CVE-2020-18230 Cross-site Scripting vulnerability in PHPmywind 5.5
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".
network
phpmywind CWE-79
3.5
2019-09-23 CVE-2019-16704 Cross-site Scripting vulnerability in PHPmywind 5.6
admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.
network
phpmywind CWE-79
3.5
2019-09-23 CVE-2019-16703 Cross-site Scripting vulnerability in PHPmywind 5.6
admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.
network
phpmywind CWE-79
4.3
2019-03-07 CVE-2019-7661 Cross-site Scripting vulnerability in PHPmywind
An issue was discovered in PHPMyWind 5.5.
network
phpmywind CWE-79
4.3
2019-03-07 CVE-2019-7660 Cross-site Scripting vulnerability in PHPmywind
An issue was discovered in PHPMyWind 5.5.
network
phpmywind CWE-79
4.3