CVE-2021-39503

Name of the Vulnerable Software and Affected Versions: PHPMyWind version 5.6

Description: The issue allows for Remote Code Execution due to insufficient input filtering. Specifically, the lack of filtering for characters like <, >, ?, =, , etc., enables an attacker to inject PHP code into the /include/config.cache.php file through the WriteConfig() function.

Recommendations: For PHPMyWind version 5.6, consider disabling the WriteConfig() function until a patch is available to prevent potential code injection attacks. Restrict access to the /include/config.cache.php file to minimize the risk of exploitation. Avoid using unfiltered input in the affected function to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.