Vulnerabilities > Pixelpost

DATE CVE VULNERABILITY TITLE RISK
2019-11-12 CVE-2010-3305 Cross-Site Request Forgery (CSRF) vulnerability in Pixelpost 1.7.3
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
network
pixelpost CWE-352
6.8
2019-10-28 CVE-2009-4900 Cross-site Scripting vulnerability in Pixelpost 1.7.15
pixelpost 1.7.1 has XSS
network
pixelpost CWE-79
4.3
2019-10-28 CVE-2009-4899 SQL Injection vulnerability in Pixelpost 1.7.15
pixelpost 1.7.1 has SQL injection
network
low complexity
pixelpost CWE-89
7.5
2018-06-26 CVE-2018-0606 SQL Injection vulnerability in Pixelpost 1.7.3
SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
pixelpost CWE-89
6.5
2018-06-26 CVE-2018-0605 Cross-site Scripting vulnerability in Pixelpost 1.7.15/1.7.3
Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
pixelpost CWE-79
4.3
2018-06-26 CVE-2018-0604 Unspecified vulnerability in Pixelpost 1.7.3
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.
network
low complexity
pixelpost
6.5
2011-09-24 CVE-2011-3792 Information Exposure vulnerability in Pixelpost 1.7.3
Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files.
network
low complexity
pixelpost CWE-200
5.0
2011-02-25 CVE-2011-1100 SQL Injection vulnerability in Pixelpost 1.7.3
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
network
low complexity
pixelpost CWE-89
6.5
2008-07-30 CVE-2008-3365 Path Traversal vulnerability in Pixelpost 1.7.1
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a ..
6.8
2008-01-18 CVE-2008-0358 SQL Injection vulnerability in Pixelpost 1.7
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.
network
pixelpost CWE-89
6.8