
Linlin0

#45884 of 53,624
5.5 Total CVSS
Vulnerabilities · 1
PT-2019-18584
5.5
2019-02-05
Phpmywind · Phpmywind · CVE-2019-7403
**Name of the Vulnerable Software and Affected Versions**

PHPMyWind version 5.5

**Description**

An issue in PHPMyWind allows remote attackers to delete arbitrary folders. This is achieved through the "admin/database backup.php" API endpoint with specific parameters, including `action=import`, `dopost=deldir`, and `tbname=../`.

**Recommendations**

For PHPMyWind version 5.5, as a temporary workaround, consider restricting access to the "admin/database backup.php" API endpoint until a patch is available. Avoid using the `tbname` parameter with relative paths (e.g., `../`) in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.