zKup CMS 2.0 up to and including 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote malicious users to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
Vulnerable Product |
---|
zkup zkup 2.03 |
zkup zkup 2.01 |
zkup zkup 2.02 |
zkup zkup 2.0 |