PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without “<, >, ?, =, `,….” In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.

By admin