PT-2018-13915 · Phpmywind · Phpmywind

Panghusec · Published 2018-09-17 · Updated 2018-11-01 · CVE-2018-17134

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PHPMyWind version 5.5

Description

The issue allows admin users to execute arbitrary code by manipulating the cfg_author field in conjunction with a crafted cfg_webpath field in the admin/web_config.php file.

Recommendations

For PHPMyWind version 5.5, consider restricting access to the admin/web_config.php file until a patch is available, and avoid using the cfg_author and cfg_webpath fields in conjunction to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2018-17134

Affected Products

Phpmywind