Phpwind · Phpwind · CVE-2015-4134
**Name of the Vulnerable Software and Affected Versions**
phpwind version 8.7
**Description**
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `url` parameter in the goto.php file.
**Recommendations**
For phpwind version 8.7, consider restricting access to the goto.php file or validating the `url` parameter to prevent redirects to unauthorized sites until a patch is available.