Vulnerabilities > Phpmywind > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-17 CVE-2018-17133 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
network
low complexity
phpmywind CWE-94
6.5
6.5
2018-09-17 CVE-2018-17132 Code Injection vulnerability in PHPmywind 5.5
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
network
low complexity
phpmywind CWE-94
6.5
6.5
2018-09-17 CVE-2018-17131 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
network
low complexity
phpmywind CWE-94
6.5
6.5
2018-05-26 CVE-2018-11487 Cross-site Scripting vulnerability in PHPmywind 5.5
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
network
phpmywind CWE-79
4.3
4.3
2017-08-21 CVE-2017-12984 Cross-site Scripting vulnerability in PHPmywind 5.3
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
network
phpmywind CWE-79
4.3
4.3