VYPR
Unrated severityNVD Advisory· Published Aug 31, 2009· Updated Jun 16, 2026

CVE-2008-7123

CVE-2008-7123

Description

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Zkup/Zkup5 versions
    cpe:2.3:a:zkup:zkup:2.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:zkup:zkup:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:zkup:zkup:2.01:*:*:*:*:*:*:*
    • cpe:2.3:a:zkup:zkup:2.02:*:*:*:*:*:*:*
    • cpe:2.3:a:zkup:zkup:2.03:*:*:*:*:*:*:*
    • (no CPE)range: 2.0-2.3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.