3 matches found
CVE-2018-17207
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...
CVE-2018-17207
creationtimestamp| type| source ---|---|--- 2018-12-11 18:12:09+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/php/wpduplicatorcodeinject.rb 2018-12-12 15:33:01+00:00| published-proof-of-concept| https://t.me/defconnews/257 2025-02-06 03:13:43+00:00...
CVE-2018-17207
The CVE concerns WordPress Snap Creek Duplicator plugin before 1.2.42. The issue arises when leftover installer files (installer.php and installer-backup.php) are accessed, allowing an attacker to inject PHP code into wp-config.php during the database setup step, resulting in arbitrary code execu...