CVE-2018-17207

Name of the Vulnerable Software and Affected Versions Snap Creek Duplicator versions prior to 1.2.42

Description An issue allows an attacker to inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution by accessing leftover installer files, specifically installer.php and installer-backup.php.

Recommendations For versions prior to 1.2.42, update to version 1.2.42 or later to resolve the issue. As a temporary workaround, consider removing or restricting access to the installer.php and installer-backup.php files to minimize the risk of exploitation.