273 matches found
CVE-2019-7719
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...
CVE-2019-7720
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
TaoCMS code injection vulnerability
TaoCMS is an ultra-small PHP CMS backed by SQLite or MySQL. TaoCMS is vulnerable to code injection, which can be exploited by placing PHP code in the install.php dbname parameter and then issuing a config.php request to perform eval injection...
Path traversal
Lei Feng TV CMS aka LFCMS 3.8.6 allows full path disclosure via the /install.php?s=/1 URI...
CVE-2018-20614
CVE-2018-20614 affects CIM 0.9.3; publicly reachable endpoint public/install/#/step3 enables remote reload of the product via public/install/. Root cause: web path handling in public/install allows unauthenticated access to trigger a reload action. Impact is defined as remote reload capability, w...
CVE-2018-20614
public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI...
CVE-2018-19180
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 if install.lock is not present allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...
Code injection
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 if install.lock is not present allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...
CVE-2018-18892
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php...
CVE-2018-18892
The CVE-2018-18892 entry concerns MiniCMS 1.10, where the install.php sitename parameter can be manipulated to execute arbitrary PHP code, affecting the site_name field in mc_conf.php. The vulnerability is a code execution flaw rooted in input handling and file configuration, with CVSS metrics in...
CVE-2018-17126
CScms 4.1 allows remote code execution, as demonstrated by 1';eval$POSTcmd; in Web Name to upload\plugins\sys\Install.php...
Cross site scripting
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name...
CVE-2018-16730
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name...
CVE-2018-16730
CVE-2018-16730 : In CScms 4.1, a cross-site scripting (XSS) vulnerability exists in the file path "\upload\plugins\sys\Install.php" triggered via the site name. The issue is documented across multiple sources (e.g., NVD/CNVD entries) as a CMS-originated XSS in that specific component. The connect...
Code injection
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...
CVE-2018-10429
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...