Vulnerabilities > Phpmywind > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2020-19964 Cross-Site Request Forgery (CSRF) vulnerability in PHPmywind 5.6
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
network
phpmywind CWE-352
4.3
4.3
2021-09-07 CVE-2021-39503 Code Injection vulnerability in PHPmywind 5.6
PHPMyWind 5.6 is vulnerable to Remote Code Execution.
network
low complexity
phpmywind CWE-94
6.5
6.5
2021-08-20 CVE-2020-18885 Command Injection vulnerability in PHPmywind 5.6
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
network
low complexity
phpmywind CWE-77
6.5
6.5
2021-08-20 CVE-2020-18886 Unrestricted Upload of File with Dangerous Type vulnerability in PHPmywind 5.6
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.
network
low complexity
phpmywind CWE-434
6.5
6.5
2019-09-23 CVE-2019-16703 Cross-site Scripting vulnerability in PHPmywind 5.6
admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.
network
phpmywind CWE-79
4.3
4.3
2019-03-07 CVE-2019-7661 Cross-site Scripting vulnerability in PHPmywind
An issue was discovered in PHPMyWind 5.5.
network
phpmywind CWE-79
4.3
4.3
2019-03-07 CVE-2019-7660 Cross-site Scripting vulnerability in PHPmywind
An issue was discovered in PHPMyWind 5.5.
network
phpmywind CWE-79
4.3
4.3
2019-02-05 CVE-2019-7403 Path Traversal vulnerability in PHPmywind 5.5
An issue was discovered in PHPMyWind 5.5.
network
low complexity
phpmywind CWE-22
5.5
5.5
2019-02-05 CVE-2019-7402 Cross-Site Request Forgery (CSRF) vulnerability in PHPmywind 5.5
An issue was discovered in PHPMyWind 5.5.
network
phpmywind CWE-352
4.3
4.3
2018-09-17 CVE-2018-17134 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
network
low complexity
phpmywind CWE-94
6.5
6.5