Pixel Motion : Security Vulnerabilities, CVEs, CVSS score >= 9
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
Max CVSS
9.0
EPSS Score
1.93%
Published
2008-04-17
Updated
2017-09-29
1 vulnerabilities found