Critical severity9.8NVD Advisory· Published Sep 19, 2018· Updated Jun 17, 2026
CVE-2018-17207
CVE-2018-17207
Description
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.2.42
Patches
Vulnerability mechanics
References
2- www.synacktiv.com/ressources/advisories/WordPress_Duplicator-1.2.40-RCE.pdfnvdExploitThird Party Advisory
- snapcreek.com/duplicator/docs/changelog/nvdVendor Advisory
News mentions
0No linked articles in our index yet.