PHPMyWind is a set of PHP and MySQL-based and W3C-compliant enterprise website building solutions. A SQL injection vulnerability exists in PHPMyWind v.5.6, which can be exploited by remote attackers to execute arbitrary code via the id variable in the modify function.