MidnightBSD

Advisories for mywebsql

CVE-2014-4735 MEDIUM

Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mywebsql mywebsql 3.1
mywebsql mywebsql *
mywebsql mywebsql 3.3
mywebsql mywebsql 3.0
mywebsql mywebsql 3.2
CVE-2017-1000011 MEDIUM

MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mywebsql mywebsql 3.6
CVE-2019-7544 LOW

An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mywebsql mywebsql *
CVE-2019-7730 MEDIUM

MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
mywebsql mywebsql 3.7
CVE-2019-7731 HIGH

MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code into the database, and executes the Backup Database function with a .php filename for the backup's archive file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-706,

Products Affected

Vendor Product Version
mywebsql mywebsql 3.7