Vulnerability Details CVE-2018-5749
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2018-5749
-
cpe:2.3:a:minecraft_servers_list_lite_project:minecraft_servers_list_lite:1.0
-
cpe:2.3:a:minecraft_servers_list_lite_project:minecraft_servers_list_lite:1.0.1
-
cpe:2.3:a:minecraft_servers_list_lite_project:minecraft_servers_list_lite:1.0.2
-
cpe:2.3:a:minecraft_servers_list_lite_project:minecraft_servers_list_lite:1.0.3
-
cpe:2.3:a:minecraft_servers_list_lite_project:minecraft_servers_list_lite:1.0.4
-
cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:1.1
-
cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:1.2
-
cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:1.3
-
cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:1.4
-
cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:1.5
-
cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:1.5.4
-
cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:1.5.5
-
cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:1.5.6
-
cpe:2.3:a:premium_minecraft_servers_list_project:premium_minecraft_servers_list:1.5.7