Kuaifan · Kuaifancms · CVE-2019-14746
**Name of the Vulnerable Software and Affected Versions**
KuaiFanCMS version 5.0
**Description**
An issue was discovered that allows eval injection by placing PHP code in the `db name` parameter and then making a request to the "config.php" endpoint.
**Recommendations**
For KuaiFanCMS version 5.0, avoid using the `db name` parameter in the install.php file until a fix is available. As a temporary workaround, consider restricting access to the install.php file and the config.php endpoint to minimize the risk of exploitation.