CVE-2008-7123

Name of the Vulnerable Software and Affected Versions zKup CMS versions 2.0 through 2.3

Description A static code injection issue allows remote attackers to inject arbitrary PHP code into fichiers/config.php by exploiting a null byte (%00) in the login parameter in an ajout action, bypassing the regular expression check.

Recommendations For zKup CMS versions 2.0 through 2.3, as a temporary workaround, consider restricting access to the modifier.php file in the admin/configuration directory until a patch is available. Avoid using the login parameter in the ajout action with a null byte (%00) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.