Vulnerabilities > CVE-2006-5086 - SQL-Injection vulnerability in Pixel Motion Pixel Motion Blog 2.1.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Blog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit. CVE-2006-5085,CVE-2006-5086. Webapps exploit for php platform |
id | EDB-ID:2441 |
last seen | 2016-01-31 |
modified | 2006-09-27 |
published | 2006-09-27 |
reporter | DarkFig |
source | https://www.exploit-db.com/download/2441/ |
title | Blog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit |