Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/NUMBER.php file via the title parameter to admin_new.php.
Publication date: Sun, 05 Jul 2009 21:30:00 +0000