Phpmywind: >> Phpmywind Security Vulnerabilities
An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-03-07
An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-03-07
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-02-18
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-02-05
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.
CVSS Score
4.9
EPSS Score
0.003
Published
2019-02-05
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,
CVSS Score
5.4
EPSS Score
0.003
Published
2018-09-17
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
CVSS Score
7.2
EPSS Score
0.004
Published
2018-09-17
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
CVSS Score
7.2
EPSS Score
0.004
Published
2018-09-17
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
CVSS Score
7.2
EPSS Score
0.004
Published
2018-09-17
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
CVSS Score
7.2
EPSS Score
0.004
Published
2018-09-17