admin/upload_files.php in Zomplog 3.8.1 and previous versions does not check for administrative credentials, which allows remote malicious users to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zomplog zomplog 3.7.6 |
||
zomplog zomplog 3.8 |
||
zomplog zomplog 3.8.1 |
||
zomplog zomplog 3.7 |