CVEs-PoC/2008/CVE-2008-1866.md

CVE-2008-1866

Description

admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.

POC

Reference

• https://www.exploit-db.com/exploits/5381

Github

No PoCs found on GitHub currently.