phpmywind CVE 脆弱性と CVE 一覧(22)

製品(CPE): — CVE 件数: 22

phpmywind 脆弱性概要

phpmywind 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection、vendor risk csrf, and パス処理の欠陥 があり、vendor surface production workloads の利用場面で vendor impact session compromise、vendor impact data exposure, and ファイル上書き などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 120 / 22 CVE 件数
«« 先頭 « 前へ 1 / 2 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2020-21400 SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. [email protected] 7.2 1.13% 2023-06-20 2026-06-16
CVE-2020-21060 SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. [email protected] 8.8 0.92% 2023-04-04 2026-06-16
CVE-2020-19964 A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. [email protected] 6.5 0.64% 2021-10-14 2026-06-16
CVE-2021-39503 PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file. [email protected] 7.2 2.82% 2021-09-07 2026-06-17
CVE-2020-18886 Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. [email protected] 7.2 1.80% 2021-08-20 2026-06-16
CVE-2020-18885 Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. [email protected] 7.2 3.87% 2021-08-20 2026-06-16
CVE-2020-18230 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". [email protected] 4.8 0.98% 2021-05-27 2026-06-16
CVE-2020-18229 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". [email protected] 4.8 0.93% 2021-05-27 2026-06-16
CVE-2019-16704 admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. [email protected] 4.8 0.75% 2019-09-23 2026-06-16
CVE-2019-16703 admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. [email protected] 6.1 0.82% 2019-09-23 2026-06-16
CVE-2019-7661 An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability. [email protected] 6.1 0.86% 2019-03-07 2026-06-16
CVE-2019-7660 An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php. [email protected] 6.1 0.86% 2019-03-07 2026-06-16
CVE-2019-8435 admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. [email protected] 4.8 0.58% 2019-02-17 2026-06-16
CVE-2019-7403 An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI. [email protected] 4.9 1.69% 2019-02-05 2026-06-16
CVE-2019-7402 An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg&#95;qqcode parameter. This can be exploited via CSRF. [email protected] 6.1 0.43% 2019-02-05 2026-06-16
CVE-2018-17134 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. [email protected] 7.2 1.84% 2018-09-17 2026-06-16
CVE-2018-17133 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. [email protected] 7.2 1.84% 2018-09-17 2026-06-16
CVE-2018-17132 admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. [email protected] 7.2 1.84% 2018-09-17 2026-06-16
CVE-2018-17131 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. [email protected] 7.2 1.84% 2018-09-17 2026-06-16
CVE-2018-17130 PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, [email protected] 5.4 0.53% 2018-09-17 2026-06-16
«« 先頭 « 前へ 1 / 2 次へ »
cvelogic Threat Intelligence