PT-2021-10160 · Phpmywind · Phpmywind
Published
2021-05-27
·
Updated
2021-05-28
·
CVE-2020-18230
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
PHPMyWind version 5.5
Description:
The issue allows remote attackers to execute arbitrary code through Cross Site Scripting (XSS) by injecting scripts into the
cfg switchshow parameter of the /admin/web config.php component.Recommendations:
For PHPMyWind version 5.5, consider restricting access to the
/admin/web config.php component until a patch is available, and avoid using the cfg switchshow parameter in this endpoint to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpmywind