Vulnerabilities

CVE-2008-1866

by Fred · 17/04/2008

admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.

Date published : 2008-04-17

http://www.securityfocus.com/bid/28646

https://www.exploit-db.com/exploits/5381

Similar

Tags: Cybersecurity Alert