273 matches found
CVE-2018-10429
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...
CVE-2018-5749
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the 1 databaseserver, 2...
SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms
More info at https://www.silverstripe.org/download/security-releases/ss-2017-010/...
CVE-2017-16759
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php...
CVE-2017-16759
CVE-2017-16759 affects LibreNMS: the installation process before 2017-08-18 allows remote attackers to read arbitrary files via html/install.php. Multiple connected sources (GitHub security advisory GHSA-4CCX-WJQP-5FWW, OSV, CNVD/CNVD-2017-36362, NVD entry) corroborate an arbitrary file read duri...
Typecho blog install.php has command execution vulnerability
Typecho is an open source blogging platform written in PHP. A command execution vulnerability exists in Typecho blog install.php, which can be exploited by an attacker to cause remote code execution and gain administrative privileges...
Question2Answer User Account Creation Vulnerability
Question2Answer is a PHP implementation of a StackOverflow-like website question and answer system. A security vulnerability exists in the qa-include/qa-install.php file in Question2Answer versions prior to 1.7.5. A remote attacker can exploit this vulnerability to create multiple user accoun...
CVE-2017-12061
CVE-2017-12061 affects MantisBT installations via admin/install.php, with XSS caused by unsanitized user-controlled variables in the installer (notably $f_database, $f_db_username, $f_admin_username). Vulnerable versions are MantisBT < 1.3.12 and
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting (XSS) attacks. Using the adminusername or the adminpassword parameters in install.php, attackers can inject web script or HTML...
AContent CMS 1.3 Cross Site Scripting
Exploit Title: A Cross Site Scripting in AContent Content Management System. Exploit Author: Ashiyane Digital Security Team. Download Link :...
Dswjcms 3.2.1 install.php repeated installation
No description provided by source...
B2Bbuilder v7.0.1 install.php design flaw allows unrestricted getshell
0x01 Vulnerability overview: B2Bbuilder v7.0.1 has a design flaw in the file install.php that allows unrestricted getshell. 0x02 Vulnerability details: /install/install.php if ($action == "setup") // check that the parameters are complete $dbhost = $_GET['dbhost']; $port = $_GET['port']; $dbname = $_GET['dbname']; $dbuser = $_GET['dbuser']; $dbpassword = $_GET['dbpassword']; $tableprefix = $_GET['tableprefix']; $guid =...
shopbuilder system install.php weburl parameter SQL injection vulnerability
No description provided by source...
Online Airline Booking System - Multiple Vulnerabilities
Online Airline Booking System - Multiple Vulnerabilities Exploit Title : Online Airline Booking System multiple vulnerabilities Author : WICS Date : 05/1/2016 Software Link : http://sourceforge.net/projects/oabs/ Affected Version: All Overview: The Online Airline Booking System is designed to be ...
CVE-2015-7382
SQL injection vulnerability in install.php in Web Reference Database aka refbase through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009...
SQL injection
SQL injection vulnerability in install.php in Web Reference Database aka refbase through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009...
CVE-2015-6008
CVE-2015-6008 affects Web Reference Database (refbase) install.php up to version 0.9.6. A remote attacker can execute arbitrary PHP code by manipulating the adminPassword parameter, enabling remote code execution. This is a confirmed vulnerability entry with corroborating references indicating a ...
CVE-2015-7382
The connected documents confirm a SQL injection vulnerability in Web Reference Database (refbase) through version 0.9.6, exploitable via the defaultCharacterSet parameter in install.php, enabling remote execution of arbitrary SQL commands. This CVE is distinct from CVE-2015-6009 and is listed amo...
refbase 0.9.6 - Multiple Vulnerabilities
Exploit Title: Refbase 5 /rss.php?where='nonexistent'+union+allselect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat'version:',@@version,'',34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50-- - /rss.php?where='...