Vulnerabilities > Pixelpost > Pixelpost > 1.5.rc1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-07 | CVE-2006-2891 | Cross-Site Scripting vulnerability in Pixelpost 1.5Rc1 Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter. | 2.6 |
| 2006-06-07 | CVE-2006-2890 | SQL Injection vulnerability in Pixelpost 1.5Rc1 Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | 5.1 |