Vulnerabilities > Phpmywind > Phpmywind > 5.5

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2020-18229 Cross-site Scripting vulnerability in PHPmywind 5.5
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".
network
phpmywind CWE-79
3.5
3.5
2021-05-27 CVE-2020-18230 Cross-site Scripting vulnerability in PHPmywind 5.5
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".
network
phpmywind CWE-79
3.5
3.5
2019-03-07 CVE-2019-7661 Cross-site Scripting vulnerability in PHPmywind
An issue was discovered in PHPMyWind 5.5.
network
phpmywind CWE-79
4.3
4.3
2019-03-07 CVE-2019-7660 Cross-site Scripting vulnerability in PHPmywind
An issue was discovered in PHPMyWind 5.5.
network
phpmywind CWE-79
4.3
4.3
2019-02-18 CVE-2019-8435 Cross-site Scripting vulnerability in PHPmywind 5.5
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
network
phpmywind CWE-79
3.5
3.5
2019-02-05 CVE-2019-7403 Path Traversal vulnerability in PHPmywind 5.5
An issue was discovered in PHPMyWind 5.5.
network
low complexity
phpmywind CWE-22
5.5
5.5
2019-02-05 CVE-2019-7402 Cross-Site Request Forgery (CSRF) vulnerability in PHPmywind 5.5
An issue was discovered in PHPMyWind 5.5.
network
phpmywind CWE-352
4.3
4.3
2018-09-17 CVE-2018-17134 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
network
low complexity
phpmywind CWE-94
6.5
6.5
2018-09-17 CVE-2018-17133 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
network
low complexity
phpmywind CWE-94
6.5
6.5
2018-09-17 CVE-2018-17132 Code Injection vulnerability in PHPmywind 5.5
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
network
low complexity
phpmywind CWE-94
6.5
6.5