panghusec/exploit

Releases0

Stars2

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-7402 ↗	Feb 5, 2019Tuesday, 5 February 2019, 16:29	—	4.3 MEDIUM
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.
CVE-2019-7403 ↗	Feb 5, 2019Tuesday, 5 February 2019, 16:29	—	5.5 MEDIUM
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.
CVE-2018-17129 ↗	Sep 17, 2018Monday, 17 September 2018, 04:29	—	4 MEDIUM
MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.
CVE-2018-17130 ↗	Sep 17, 2018Monday, 17 September 2018, 04:29	—	3.5 LOW
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,
CVE-2018-17131 ↗	Sep 17, 2018Monday, 17 September 2018, 04:29	—	6.5 MEDIUM
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
CVE-2018-17132 ↗	Sep 17, 2018Monday, 17 September 2018, 04:29	—	6.5 MEDIUM
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
CVE-2018-17133 ↗	Sep 17, 2018Monday, 17 September 2018, 04:29	—	6.5 MEDIUM
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
CVE-2018-17134 ↗	Sep 17, 2018Monday, 17 September 2018, 04:29	—	6.5 MEDIUM
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.