phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database"...
7.2CVSS
7.4AI Score
0.001EPSS
PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php...
6.1CVSS
6.1AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url...
5.9AI Score
0.003EPSS
Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url...
6.9AI Score
0.003EPSS
SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser...
8.8AI Score
0.003EPSS