PT-2018-17122 · Mojang · Premium Minecraft Servers List+1

Published: 2018-01-23 · Updated: 2018-02-15 · CVE-2018-5749

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Minecraft Servers List Lite versions prior to commit c1cd164
Premium Minecraft Servers List versions prior to 2.0.4
Description: The issue is related to the install.php file, which does not properly sanitize input before saving database connection information in connect.php. This could allow remote attackers to execute arbitrary PHP code via the database server, database user, database password, or database name parameters.
Recommendations: For Minecraft Servers List Lite versions prior to commit c1cd164, update to a version that includes the fix from commit c1cd164. For Premium Minecraft Servers List versions prior to 2.0.4, update to version 2.0.4 or later. As a temporary workaround, consider restricting access to the install.php file and ensuring proper input validation for the database server, database user, database password, and database name parameters in connect.php.
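
The input-validation workaround above, sketched as an added example (not code from Minecraft Servers List or its fix commit): an installer that validates the four database parameters, serializes them with var_export() so they are written to connect.php as data only, and refuses to run a second time. The function names, the db_* keys, and the install.lock file are assumptions made for illustration.

```php
<?php
// Added example, not project code; all function, key and file names are hypothetical.
function validate_db_params(array $in): array
{
    // Allowlist patterns for the values that have a predictable shape.
    $rules = [
        'db_host' => '/\A[A-Za-z0-9.-]{1,253}(:\d{1,5})?\z/',
        'db_user' => '/\A[A-Za-z0-9_]{1,32}\z/',
        'db_name' => '/\A[A-Za-z0-9_]{1,64}\z/',
    ];
    $out = [];
    foreach ($rules as $key => $re) {
        $v = $in[$key] ?? null;
        if (!is_string($v) || preg_match($re, $v) !== 1) {
            throw new InvalidArgumentException("invalid $key");
        }
        $out[$key] = $v;
    }
    // A password has no character allowlist: bound its length, let var_export() quote it.
    $pw = $in['db_pass'] ?? null;
    if (!is_string($pw) || strlen($pw) > 128) {
        throw new InvalidArgumentException('invalid db_pass');
    }
    return $out + ['db_pass' => $pw];
}

function render_db_config(array $params): string
{
    // var_export() escapes quotes and backslashes, so values stay inside string literals.
    return "<?php\nreturn " . var_export($params, true) . ";\n";
}

function write_db_config(string $dir, array $input): void
{
    if (file_exists("$dir/install.lock")) {   // one-shot installer
        throw new RuntimeException('installer already completed');
    }
    $code = render_db_config(validate_db_params($input));
    file_put_contents("$dir/connect.php", $code, LOCK_EX);
    file_put_contents("$dir/install.lock", date('c'));
}

// Constructed sample input: the password contains a quote and a backslash.
$dir = sys_get_temp_dir() . '/cfg_' . bin2hex(random_bytes(4));
mkdir($dir);
$in = ['db_host' => 'localhost', 'db_user' => 'mc', 'db_name' => 'servers',
       'db_pass' => "it's a \\ test"];
write_db_config($dir, $in);
var_dump((include "$dir/connect.php") === $in);   // config round-trips as data
```

The lock file only stops the installer from being re-run; restricting or removing install.php after setup, as recommended above, is still needed.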

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2018-5749

Affected Products

Minecraft Servers List Lite
Premium Minecraft Servers List