Vulnerabilities > CVE-2006-5086 - SQL-Injection vulnerability in Pixel Motion Pixel Motion Blog 2.1.1

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
pixel-motion
exploit available

Summary

Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not.

Vulnerable Configurations

Part Description Count
Application
Pixel_Motion
1

Exploit-Db

descriptionBlog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit. CVE-2006-5085,CVE-2006-5086. Webapps exploit for php platform
idEDB-ID:2441
last seen2016-01-31
modified2006-09-27
published2006-09-27
reporterDarkFig
sourcehttps://www.exploit-db.com/download/2441/
titleBlog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit