CVE-2009-2331 Information

Description

Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php.

Reference

http://osvdb.org/55672 http://osvdb.org/55673 http://www.exploit-db.com/exploits/9069