273 matches found
EUVD-2014-9386
Malware in sbrugna...
EUVD-2020-11049
Malware in sbrugna...
EUVD-2008-6721
Malware in sbrugna...
EUVD-2018-8531
Malware in sbrugna...
EUVD-2023-57359
Malicious code in bioql PyPI...
EUVD-2023-28177
Malicious code in bioql PyPI...
EUVD-2021-30410
Malicious code in bioql PyPI...
CVE-2014-125116 HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...
CVE-2024-31022
An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component...
CVE-2024-0413
A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the publ...
CVE-2023-29855
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php...
CVE-2022-25101
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2020-19142
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DBPREFIX parameter to install/install.php...
CVE-2020-19527
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
CVE-2018-20614
public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install//step3 URI...
CVE-2018-18892
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password fields...
GHSA-R3PR-FH25-WRFC silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password fields...
GHSA-MQF5-275H-GF6R Silverstripe framework is vulnerable to XSS in install.php
During installation, certain parameters adminusername and adminpassword are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server...
Denial Of Service (DoS)
drupal/core is vulnerable to Denial Of Service. The vulnerability is caused by visiting install.php, which can cause cached data to become corrupted until caches are rebuilt...