PT-2018-13915 · Phpmywind · Phpmywind
Panghusec
·
Publicado
2018-09-17
·
Atualizado
2018-11-01
·
CVE-2018-17134
CVSS v3.1
7.2
Alta
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PHPMyWind version 5.5
Description
The issue allows admin users to execute arbitrary code by manipulating the
cfg author field in conjunction with a crafted cfg webpath field in the admin/web config.php file.Recommendations
For PHPMyWind version 5.5, consider restricting access to the admin/web config.php file until a patch is available, and avoid using the
cfg author and cfg webpath fields in conjunction to minimize the risk of exploitation.Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Phpmywind