CVE-2006-1426

Опубликовано: 28 мар. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.

Ссылки

http://secunia.com/advisories/19421
Exploit
Vendor Advisory
http://www.osvdb.org/24168
http://www.osvdb.org/24169
http://www.securityfocus.com/archive/1/428964/100/0/threaded
http://www.securityfocus.com/bid/17260
Exploit
http://www.vupen.com/english/advisories/2006/1135
https://exchange.xforce.ibmcloud.com/vulnerabilities/25478
https://exchange.xforce.ibmcloud.com/vulnerabilities/25481
http://secunia.com/advisories/19421
Exploit
Vendor Advisory
http://www.osvdb.org/24168
http://www.osvdb.org/24169
http://www.securityfocus.com/archive/1/428964/100/0/threaded
http://www.securityfocus.com/bid/17260
Exploit
http://www.vupen.com/english/advisories/2006/1135
https://exchange.xforce.ibmcloud.com/vulnerabilities/25478
https://exchange.xforce.ibmcloud.com/vulnerabilities/25481

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pixel_motion:pixel_motion_blog:*:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02075

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2jcg-8888-49p2

github

почти 4 года назад