CVE-2008-7123

Опубликовано: 31 авг. 2009

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.

Ссылки

http://osvdb.org/43082
http://secunia.com/advisories/29276
Vendor Advisory
http://www.securityfocus.com/bid/28149
Exploit
http://www.zkup.fr/actualite-zkup/maj-critique-v203v204.html
Patch
https://www.exploit-db.com/exploits/5220
http://osvdb.org/43082
http://secunia.com/advisories/29276
Vendor Advisory
http://www.securityfocus.com/bid/28149
Exploit
http://www.zkup.fr/actualite-zkup/maj-critique-v203v204.html
Patch
https://www.exploit-db.com/exploits/5220

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zkup:zkup:2.0:*:*:*:*:*:*:*

cpe:2.3:a:zkup:zkup:2.01:*:*:*:*:*:*:*

cpe:2.3:a:zkup:zkup:2.02:*:*:*:*:*:*:*

cpe:2.3:a:zkup:zkup:2.03:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.0183

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-7qc8-58ff-g8vx

github

больше 3 лет назад