Critical severity9.8NVD Advisory· Published Jan 23, 2018· Updated Jun 17, 2026
CVE-2018-5749
CVE-2018-5749
Description
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: < 2.0.4
Patches
Vulnerability mechanics
References
1- www.rastating.com/minecraft-servers-list-unauthenticated-shell-upload/nvdExploitMitigationPatchThird Party Advisory
News mentions
0No linked articles in our index yet.