Vulnerabilities > Pixelpost > Pixelpost > 1.4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-09 | CVE-2006-1106 | Input Validation vulnerability in Pixelpost Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. network pixelpost | 4.3 |
| 2006-03-09 | CVE-2006-1105 | Input Validation vulnerability in Pixelpost Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. | 5.0 |
| 2006-03-09 | CVE-2006-1104 | Input Validation vulnerability in Pixelpost Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. | 7.5 |