3 matches found
CVE-2026-39918
Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...
CVE-2026-39918
creationtimestamp| type| source ---|---|--- 2026-04-20 16:31:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwvf6udne2i 2026-04-20 17:22:08+00:00| seen| Telegram/-Vy2XQ2z07jYi2wcd9u4WdI0Jz8Ty9lZ08uUeDLxVO8eZvU 2026-04-20 18:48:12+00:00| seen|...
CVE-2026-39918
Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary PHP code by breaking out of the string context in t...