EUVD-2018-10603

Malware in sbrugna...

CVE-2014-125116 HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection

A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...

CVE-2022-25101

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2018-20614

public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install//step3 URI...

SUSE CVE-2008-0123

Cross-site scripting XSS vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete...

CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...

CVE-2018-17126

CScms 4.1 allows remote code execution, as demonstrated by 1';eval$POSTcmd; in Web Name to upload\plugins\sys\Install.php...

PHP-Agenda 2.2.5 File Overwrite

Salvatore "drosophila" Fresta + Application: PHP-agenda + Version: PHP-agenda To execute commands: http://www.site.com/path/config.inc.php?cmd=uname -a + Fix You must delete install.php after installation...