CVE-2008-1860

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
17/04/2008
Last modified:
09/04/2025

Description

Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:lokicms:lokicms:*:*:*:*:*:*:*:* 0.3.3 (including)
cpe:2.3:a:lokicms:lokicms:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:lokicms:lokicms:0.1.0rc1:*:*:*:*:*:*:*
cpe:2.3:a:lokicms:lokicms:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:lokicms:lokicms:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:lokicms:lokicms:0.3.1b1:*:*:*:*:*:*:*
cpe:2.3:a:lokicms:lokicms:0.3.1b2:*:*:*:*:*:*:*
cpe:2.3:a:lokicms:lokicms:0.3.2b1:*:*:*:*:*:*:*