Vulnerabilities > Phpmywind > Phpmywind > 5.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-27 | CVE-2020-18229 | Cross-site Scripting vulnerability in PHPmywind 5.5 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". | 3.5 |
2021-05-27 | CVE-2020-18230 | Cross-site Scripting vulnerability in PHPmywind 5.5 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". | 3.5 |
2019-03-07 | CVE-2019-7661 | Cross-site Scripting vulnerability in PHPmywind An issue was discovered in PHPMyWind 5.5. | 4.3 |
2019-03-07 | CVE-2019-7660 | Cross-site Scripting vulnerability in PHPmywind An issue was discovered in PHPMyWind 5.5. | 4.3 |
2019-02-18 | CVE-2019-8435 | Cross-site Scripting vulnerability in PHPmywind 5.5 admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | 3.5 |
2019-02-05 | CVE-2019-7403 | Path Traversal vulnerability in PHPmywind 5.5 An issue was discovered in PHPMyWind 5.5. | 5.5 |
2019-02-05 | CVE-2019-7402 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmywind 5.5 An issue was discovered in PHPMyWind 5.5. | 4.3 |
2018-09-17 | CVE-2018-17134 | Code Injection vulnerability in PHPmywind 5.5 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. | 6.5 |
2018-09-17 | CVE-2018-17133 | Code Injection vulnerability in PHPmywind 5.5 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. | 6.5 |
2018-09-17 | CVE-2018-17132 | Code Injection vulnerability in PHPmywind 5.5 admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. | 6.5 |