What is CVE-2018-17207?

CVE-2018-17207 is a vulnerability in N/a. Published 2018-09-19.

Is CVE-2018-17207 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-17207

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving ar…

EPSS: 0.912 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

cved-sources/cve-2018-17207
rapid7/metasploit-framework
0xT11/CVE-POC
20142995/nuclei-templates
VTFoundation/vulnerablewp
waleedzafar68/vulnerablewp

References

snapcreek.com/duplicator/docs/changelog/ (x_refsource_MISC)
www.synacktiv.com/ressources/advisories/WordPress_Duplicator-1.2.40-RCE.pdf (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-17207?: CVE-2018-17207 is a vulnerability in N/a. Published 2018-09-19.
Is CVE-2018-17207 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.