Unrated severityNVD Advisory· Published Apr 17, 2008· Updated Jun 16, 2026
CVE-2008-1866
CVE-2008-1866
Description
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:pixel_motion:pixel_motion_blog:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:pixel_motion:pixel_motion_blog:*:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.