Filtered by vendor Snapcreek
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25095 | 1 Snapcreek | 1 Duplicator | 2024-01-11 | N/A | 9.8 CRITICAL |
| The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. | |||||
| CVE-2018-17207 | 1 Snapcreek | 1 Duplicator | 2021-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. | |||||