Vulnerabilities > Pixelpost
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-07 | CVE-2006-2891 | Cross-Site Scripting vulnerability in Pixelpost 1.5Rc1 Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter. | 2.6 |
| 2006-06-07 | CVE-2006-2890 | SQL Injection vulnerability in Pixelpost 1.5Rc1 Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | 5.1 |
| 2006-06-07 | CVE-2006-2889 | SQL Injection vulnerability in Pixelpost Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | 5.1 |
| 2006-03-09 | CVE-2006-1106 | Input Validation vulnerability in Pixelpost Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. network pixelpost | 4.3 |
| 2006-03-09 | CVE-2006-1105 | Input Validation vulnerability in Pixelpost Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. | 5.0 |
| 2006-03-09 | CVE-2006-1104 | Input Validation vulnerability in Pixelpost Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. | 7.5 |
| 2006-01-25 | CVE-2006-0409 | HTML Injection vulnerability in Pixelpost Photoblog 1.4.3 Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. network pixelpost | 4.3 |