CVE-2018-14729
HIGHDiscuz! 1.5-2.5 - Remote Code Execution via Database Backup Feature
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-14729. PoCs published by c0010.
AI-analyzed exploit summary The repository contains only a README.md file with a CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or stub.
Description
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
Exploits (1)
nomisec
STUB
1 stars
by c0010 · poc
https://github.com/c0010/CVE-2018-14729
The repository contains only a README.md file with a CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or stub.
Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target:
unknown
No auth needed
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
http://tencent.com
Vendor Advisory x_refsource_misc
http://discuz.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/FoolMitAh/CVE-2018-14729/blob/master/Discuz_backend_getshell.md
Third Party Advisory x_refsource_misc
http://www.cnvd.org.cn/flaw/show/CNVD-2018-17059
Scores
CVSS v3
8.8
EPSS
0.5723
EPSS Percentile
98.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
comsenz/discuz\!
1.5 - 2.5
Published
May 22, 2019
Tracked Since
Feb 18, 2026