返回 CVE 瀏覽器

CVE-2019-9002

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1970%

EPSS Percentile27.49th

Published2019年2月22日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed.

Affected Platforms (CPE)

📦

Tiny Issue Project

Tiny Issue

= 1.3.1

📦

Pixeline

Bugs

<= 1.3.2c

References & Advisories

🔗 https://github.com/mikelbring/tinyissue/issues/237

🔗 https://github.com/pixeline/bugs/commit/9d2d3fcdea22e94f7b497f6ed83791ab3a31ee41

🔗 https://github.com/mikelbring/tinyissue/issues/237

🔗 https://github.com/pixeline/bugs/commit/9d2d3fcdea22e94f7b497f6ed83791ab3a31ee41

相關漏洞威脅

CVE-2020-257879.8

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.

CVE-2020-364388.1

An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future<T> does not have bounds on its Send and Sync traits...

CVE-2020-257888.1

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_R...

CVE-2021-355358.1

Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get a...