Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-7124
Last Modified 31 Aug 2009 12:00:00
Published 31 Aug 2009 06:30:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7124

Summary

zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.

Vulnerable Systems

Application

  • Zkup 2.0

  • Zkup 2.01

  • Zkup 2.02

  • Zkup 2.03


References

CONFIRM - http://www.zkup.fr/actualite-zkup/maj-critique-v203v204.html

XF - zkup-modifier-authentication-bypass(41068)

BID - 28149

MILW0RM - 5220

MILW0RM - 5219

SECUNIA - 29276

OSVDB - 43081


Last Updated: 27 May 2016 10:49:28