CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-18885

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.3%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

https://cwe.mitre.org/data/definitions/77.html
https://github.com/gaozhifeng/PHPMyWind/issues/4
https://cwe.mitre.org/data/definitions/77.html
https://github.com/gaozhifeng/PHPMyWind/issues/4

Products affected by CVE-2020-18885

Phpmywind » Phpmywind » Version: 5.6

cpe:2.3:a:phpmywind:phpmywind:5.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-18885

Products

Pricing

Contact Us