Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
zKup 'admin/configuration/modifier.php' 静态代码注入漏洞
Vulnerability Description
zKup CMS 2.0到2.3版本中的admin/configuration/modifier.php存在静态代码注入漏洞。远程攻击者可以借助ajout操作中的login参数里的一个空byte(%00),注入任意的PHP代码到fichiers/config.php。它会绕过日常的表述检查。
CVSS Information
N/A
Vulnerability Type
N/A