CVE-2018-5749

Published: Jan 23, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.rastating.com/minecraft-servers-list-unauthenticated-shell-upload/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-5749

Description

Affected Products

References