CVE-2006-2889 - SQL Injection vulnerability in Pixelpost
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Pixelpost <= 1-5rc1-2 Remote Privilege Escalation Exploit. CVE-2006-2889. Webapps exploit for php platform |
id | EDB-ID:1868 |
last seen | 2016-01-31 |
modified | 2006-06-03 |
published | 2006-06-03 |
reporter | rgod |
source | https://www.exploit-db.com/download/1868/ |
title | Pixelpost <= 1-5rc1-2 - Remote Privilege Escalation Exploit |
Nessus
NASL family | CGI abuses |
NASL id | PIXELPOST_CATEGORY_SQL_INJECTION.NASL |
description | The remote host is running Pixelpost, a photo blog application based on PHP and MySQL. The version of Pixelpost installed on the remote fails to sanitize user-supplied input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21645 |
published | 2006-06-06 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21645 |
title | Pixelpost index.php category Parameter SQL Injection |