KuaiFanCMS 5.0 - Remote Code Execution via eval Injection in install.php

KuaiFanCMS 5.0 - Remote Code Execution via eval Injection in install.php

CVE-2019-14746 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.

Learn more about our Cms Pen Testing.