← back
CVE-2008-7123

CVE-2008-7123

EPSS 4.1%
Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/5220unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/43082http://secunia.com/advisories/29276https://www.exploit-db.com/exploits/5220http://www.securityfocus.com/bid/28149http://www.zkup.fr/actualite-zkup/maj-critique-v203v204.html