MyWebSQL ver 3.7 remote code execution (RCE) vulnerability Description
- Author: YU-HSIANG HUANG, YUNG-HAO TSENG, Eddie TC CHANG
- Contact: huang.yuhsiang.phone@gmail.com; 0xuhaw@gmail.com; eddietcchang@gmail.com
Testing Target
- Product: MyWebSQL
- Version: 3.7
- Official Website: http://mywebsql.net/
- Github: https://github.com/Samnan/MyWebSQL
Summary
MyWebSQL version in 3.7 has remote code execution (RCE) vulnerability.
Description
MyWebSQL version in 3.7 has remote code execution (RCE) vulnerability after write a shell code in database and execute Backup Database function.


