PT-2019-18686 · Phpmywind · Phpmywind

Eddie Tc Chang

Published

2019-03-07

Updated

2019-03-08

CVE-2019-7660

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PHPMyWind version 5.5

Description A stored Cross-site Scripting (XSS) issue was found. The username parameter of the "/install/index.php" page is vulnerable. This can be demonstrated via the "admin/login.php" page.

Recommendations For PHPMyWind version 5.5, consider restricting access to the "/install/index.php" page and avoid using the username parameter until a fix is available. As a temporary workaround, restrict the use of the vulnerable page to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-7660

Affected Products

Phpmywind

PT-2019-18686 · Phpmywind · Phpmywind

CVE-2019-7660

Weakness Enumeration

Related Identifiers

Affected Products

References · 3