Shodan
Vulnerabilities
Vulnerable Software
Phpmywind:  >> Phpmywind  Security Vulnerabilities
CVE-2020-21400
SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.
CVSS Score
7.2
EPSS Score
0.007
Published
2023-06-20
CVE-2020-21060
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-04-04
CVE-2020-19964
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-10-14
CVE-2021-39503
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.
CVSS Score
7.2
EPSS Score
0.033
Published
2021-09-07
CVE-2020-18885
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
CVSS Score
7.2
EPSS Score
0.017
Published
2021-08-20
CVE-2020-18886
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.
CVSS Score
7.2
EPSS Score
0.03
Published
2021-08-20
CVE-2020-18229
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".
CVSS Score
4.8
EPSS Score
0.003
Published
2021-05-27
CVE-2020-18230
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".
CVSS Score
4.8
EPSS Score
0.004
Published
2021-05-27
CVE-2019-16703
admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-23
CVE-2019-16704
admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-09-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved