cvedb.io
CVE-2018-5749
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-01-23T19:29:00.247 · Last modified 2026-06-17T02:00:42.927

Summary

install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.

Affected products

premium_minecraft_servers_list_project — premium_minecraft_servers_list

Does this affect you?

Add your gear to cvedb and we'll alert you only when premium_minecraft_servers_list_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.