phpmywind CVE Vulnerabilities & Metrics

Focus on phpmywind vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About phpmywind Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with phpmywind. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total phpmywind CVEs: 22
Earliest CVE date: 21 Aug 2017, 07:29 UTC
Latest CVE date: 20 Jun 2023, 15:15 UTC

Latest CVE reference: CVE-2020-21400

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical phpmywind CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.48

Max CVSS: 6.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	15
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS phpmywind CVEs

These are the five CVEs with the highest CVSS scores for phpmywind, sorted by severity first and recency.

CVE-2021-39503 phpmywind Published on 07 Sep 2021, 20:15 UTC (CVSS: 6.5)
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.
CVE-2020-18886 phpmywind Published on 20 Aug 2021, 14:15 UTC (CVSS: 6.5)
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.
CVE-2020-18885 phpmywind Published on 20 Aug 2021, 14:15 UTC (CVSS: 6.5)
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
CVE-2018-17134 phpmywind Published on 17 Sep 2018, 04:29 UTC (CVSS: 6.5)
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
CVE-2018-17133 phpmywind Published on 17 Sep 2018, 04:29 UTC (CVSS: 6.5)
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.

All CVEs for phpmywind

CVE-2020-21400 phpmywind vulnerability CVSS: 0 20 Jun 2023, 15:15 UTC

SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.

CVE-2020-21060 phpmywind vulnerability CVSS: 0 04 Apr 2023, 15:15 UTC

SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.

CVE-2020-19964 phpmywind vulnerability CVSS: 4.3 14 Oct 2021, 15:15 UTC

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.

CVE-2021-39503 phpmywind vulnerability CVSS: 6.5 07 Sep 2021, 20:15 UTC

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.

CVE-2020-18886 phpmywind vulnerability CVSS: 6.5 20 Aug 2021, 14:15 UTC

Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.

CVE-2020-18885 phpmywind vulnerability CVSS: 6.5 20 Aug 2021, 14:15 UTC

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.

CVE-2020-18230 phpmywind vulnerability CVSS: 3.5 27 May 2021, 16:15 UTC

Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php".

CVE-2020-18229 phpmywind vulnerability CVSS: 3.5 27 May 2021, 16:15 UTC

Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php".

CVE-2019-16704 phpmywind vulnerability CVSS: 3.5 23 Sep 2019, 04:15 UTC

admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.

CVE-2019-16703 phpmywind vulnerability CVSS: 4.3 23 Sep 2019, 04:15 UTC

admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.

CVE-2019-7661 phpmywind vulnerability CVSS: 4.3 07 Mar 2019, 23:29 UTC

An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.

CVE-2019-7660 phpmywind vulnerability CVSS: 4.3 07 Mar 2019, 23:29 UTC

An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.

CVE-2019-8435 phpmywind vulnerability CVSS: 3.5 18 Feb 2019, 00:29 UTC

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.

CVE-2019-7403 phpmywind vulnerability CVSS: 5.5 05 Feb 2019, 16:29 UTC

An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI.

CVE-2019-7402 phpmywind vulnerability CVSS: 4.3 05 Feb 2019, 16:29 UTC

An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.

CVE-2018-17134 phpmywind vulnerability CVSS: 6.5 17 Sep 2018, 04:29 UTC

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.

CVE-2018-17133 phpmywind vulnerability CVSS: 6.5 17 Sep 2018, 04:29 UTC

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.

CVE-2018-17132 phpmywind vulnerability CVSS: 6.5 17 Sep 2018, 04:29 UTC

admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.

CVE-2018-17131 phpmywind vulnerability CVSS: 6.5 17 Sep 2018, 04:29 UTC

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.

CVE-2018-17130 phpmywind vulnerability CVSS: 3.5 17 Sep 2018, 04:29 UTC

PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,

CVE-2018-11487 phpmywind vulnerability CVSS: 4.3 26 May 2018, 15:29 UTC

PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.

CVE-2017-12984 phpmywind vulnerability CVSS: 4.3 21 Aug 2017, 07:29 UTC

PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.