CVE-2021-39503
Published
CVSS v3
7.2
HIGH
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT
Description
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.
GitHub