← back
CVE-2008-1866

CVE-2008-1866

EPSS 5.2%
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/5381unverifiedexploitdbwww.exploit-db.com/exploits/5380unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/41670https://www.exploit-db.com/exploits/5381http://www.securityfocus.com/bid/28646http://www.vupen.com/english/advisories/2008/1121/references