CyberSec.Space Logo
Back to CVE Browser

CVE-2019-9002

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1970%
EPSS Percentile27.49th
PublishedFeb 22, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed.

Affected Platforms (CPE)

πŸ“¦
Tiny Issue Project

Tiny Issue

= 1.3.1
πŸ“¦
Pixeline

Bugs

<= 1.3.2c

References & Advisories

πŸ”— https://github.com/mikelbring/tinyissue/issues/237
πŸ”— https://github.com/pixeline/bugs/commit/9d2d3fcdea22e94f7b497f6ed83791ab3a31ee41
πŸ”— https://github.com/mikelbring/tinyissue/issues/237
πŸ”— https://github.com/pixeline/bugs/commit/9d2d3fcdea22e94f7b497f6ed83791ab3a31ee41

Related Vulnerabilities

CVE-2020-257879.8

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.

CVE-2020-364388.1

An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future<T> does not have bounds on its Send and Sync traits...

CVE-2020-257888.1

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_R...

CVE-2021-355358.1

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get a...