Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.0
CVE Id: CVE-2008-1866
Last Modified: 07 Mar 2011 10:07:58
Published: 17 Apr 2008 03:05:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-1866

Summary

admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.

Vulnerable Systems

Application

  • Pixel Motion Blog


References

XF - blogpixelmotion-modifconfig-file-upload(41670)

VUPEN - ADV-2008-1121

BID - 28646

MILW0RM - 5381


Last Updated: 27 May 2016 10:47:40