3 matches found
CVE-2008-7124
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator...
CVE-2008-7124
zKup CMS versions 2.0–2.3 expose a direct-requests flaw: admin/configuration/modifier.php does not require administrative authentication, enabling remote attackers to gain administrator privileges by adding a new admin. Impact is described as privilege escalation to admin; exploitation details ar...
CVE-2008-7124
creationtimestamp| type| source ---|---|--- 2008-03-07 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/5219 2008-03-07 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/5220...