Vulnerabilities > CVE-2006-2889 - Unspecified vulnerability in Pixelpost

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

pixelpost

nessus

exploit available

NVD

Published: 2006-06-07

Updated: 2024-11-21

Summary

Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter.

Vulnerable Configurations

Part	Description	Count
Application	Pixelpost Pixelpost Pixelpost *	1

Exploit-Db

description	Pixelpost <= 1-5rc1-2 Remote Privilege Escalation Exploit. CVE-2006-2889. Webapps exploit for php platform
id	EDB-ID:1868
last seen	2016-01-31
modified	2006-06-03
published	2006-06-03
reporter	rgod
source	https://www.exploit-db.com/download/1868/
title	Pixelpost <= 1-5rc1-2 - Remote Privilege Escalation Exploit

Nessus

NASL family	CGI abuses
NASL id	PIXELPOST_CATEGORY_SQL_INJECTION.NASL
description	The remote host is running Pixelpost, a photo blog application based on PHP and MySQL. The version of Pixelpost installed on the remote fails to sanitize user-supplied input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	21645
published	2006-06-06
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21645
title	Pixelpost index.php category Parameter SQL Injection

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References