CVE-2018-5749

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.
References
Link Resource
https://www.rastating.com/minecraft-servers-list-unauthenticated-shell-upload/ Exploit Mitigation Patch Third Party Advisory
https://www.rastating.com/minecraft-servers-list-unauthenticated-shell-upload/ Exploit Mitigation Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:minecraft_servers_list_lite_project:minecraft_servers_list_lite:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:09

Type Values Removed Values Added
References () https://www.rastating.com/minecraft-servers-list-unauthenticated-shell-upload/ - Exploit, Mitigation, Third Party Advisory, Patch () https://www.rastating.com/minecraft-servers-list-unauthenticated-shell-upload/ - Exploit, Mitigation, Patch, Third Party Advisory

Information

Published : 2018-01-23 19:29

Updated : 2024-11-21 04:09


NVD link : CVE-2018-5749

Mitre link : CVE-2018-5749

CVE.ORG link : CVE-2018-5749


JSON object : View

Products Affected

minecraft_servers_list_lite_project

  • minecraft_servers_list_lite

premium_minecraft_servers_list_project

  • premium_minecraft_servers_list
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type