CVE-2020-19964
MEDIUMPHPMyWind 5.6 - Unauthenticated Cross-Site Request Forgery
Title source: llmDescription
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
References (3)
Core 3
Core References
Broken Link x_refsource_misc
http://phpmywind.com
Product, Third Party Advisory x_refsource_misc
https://github.com/gaozhifeng/PHPMyWind
Exploit, Third Party Advisory x_refsource_misc
https://github.com/gaozhifeng/PHPMyWind/issues/9
Scores
CVSS v3
6.5
EPSS
0.0064
EPSS Percentile
46.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
phpmywind/phpmywind
5.6
Published
Oct 14, 2021
Tracked Since
Feb 18, 2026