CVE-2008-7123

Sažetak

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.

Reference

http://osvdb.org/43082
http://secunia.com/advisories/29276
http://www.securityfocus.com/bid/28149
http://www.zkup.fr/actualite-zkup/maj-critique-v203v204.html
https://www.exploit-db.com/exploits/5220

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:33

Objavljeno

31-08-2009 - 10:30