PT-2019-18583 · Phpmywind · Phpmywind

Linlin0Opened

Published: 2019-02-05 · Updated: 2020-08-24 · CVE-2019-7402

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: PHPMyWind version 5.5

Description: An issue was discovered that allows XSS via the cfg_qqcode parameter in the GetQQ function, which can be exploited via CSRF.

Recommendations: For PHPMyWind version 5.5, consider disabling the GetQQ function in include/func.class.php until a patch is available, to prevent exploitation via the cfg_qqcode parameter. Restrict access to the vulnerable function to minimize the risk of CSRF attacks.

Exploit

Fix

CSRF

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-7402

Affected Products

Phpmywind