XSS and CSRF Vulnerability in PHPMyWind 5.5 via GetQQ Function

XSS and CSRF Vulnerability in PHPMyWind 5.5 via GetQQ Function

CVE-2019-7402 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.

Learn more about our Web Application Penetration Testing UK.