CVE-2020-18885

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the «text color» field of the component ‘/admin/web_config.php’.