Skip to main content

Phpmywind

16 CVEs product

Monthly

CVE-2020-19964 MEDIUM POC This Month

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Phpmywind
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-39503 HIGH POC This Week

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Phpmywind
NVD GitHub
CVSS 3.1
7.2
EPSS
2.8%
CVE-2019-16704 MEDIUM POC This Month

admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2019-16703 MEDIUM POC This Month

admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-7661 MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7660 MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-8435 MEDIUM POC This Month

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-7403 MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Phpmywind
NVD GitHub
CVSS 3.0
4.9
EPSS
1.7%
CVE-2019-7402 MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2018-17134 HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17133 HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17132 HIGH POC This Week

admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17131 HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Phpmywind
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-17130 MEDIUM POC This Month

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-11487 MEDIUM This Month

PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Phpmywind
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2017-12984 MEDIUM POC This Month

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.4%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Phpmywind
NVD GitHub VulDB
EPSS 3% CVSS 7.2
HIGH POC This Week

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
EPSS 2% CVSS 4.9
MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Phpmywind
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in PHPMyWind 5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Phpmywind
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Phpmywind
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy