CVE-2008-1866

Name of the Vulnerable Software and Affected Versions Blog Pixel Motion (affected versions not specified)

Description The issue concerns a lack of admin authentication in the admin/modif config.php file, allowing remote authenticated users to upload arbitrary PHP scripts within a ZIP archive. This archive is then written to the templateZip/ directory and automatically extracted under templates/, enabling execution via a direct request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.