Mrfko

**Name of the Vulnerable Software and Affected Versions** Tiny Issue versions 1.3.1 through 1.3.2c pixeline Bugs versions 1.3.1 through 1.3.2c **Description** An issue allows remote attackers to execute arbitrary PHP code via the `database host` parameter in the install/config-setup.php file if the installer remains present in its original directory after installation is completed. **Recommendations** For Tiny Issue versions 1.3.1 through 1.3.2c, remove the installer from its original directory after installation is completed to prevent exploitation. For pixeline Bugs versions 1.3.1 through 1.3.2c, remove the installer from its original directory after installation is completed to prevent exploitation.