install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.
References
Link | Resource |
---|---|
https://www.rastating.com/minecraft-servers-list-unauthenticated-shell-upload/ | Exploit Mitigation Patch Third Party Advisory |
https://www.rastating.com/minecraft-servers-list-unauthenticated-shell-upload/ | Exploit Mitigation Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 04:09
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.rastating.com/minecraft-servers-list-unauthenticated-shell-upload/ - Exploit, Mitigation, Patch, Third Party Advisory |
Information
Published : 2018-01-23 19:29
Updated : 2024-11-21 04:09
NVD link : CVE-2018-5749
Mitre link : CVE-2018-5749
CVE.ORG link : CVE-2018-5749
JSON object : View
Products Affected
minecraft_servers_list_lite_project
- minecraft_servers_list_lite
premium_minecraft_servers_list_project
- premium_minecraft_servers_list
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type