MidnightBSD

Advisories for phpwind

CVE-2015-4134 MEDIUM

Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
phpwind phpwind 8.7
CVE-2015-4135 MEDIUM

Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpwind phpwind 8.7
CVE-2019-13472 MEDIUM

PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpwind phpwind 9.1.0
CVE-2019-6691 MEDIUM

phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpwind phpwind 9.0.2.170426