CVE-2006-1104

🗓️ 09 Mar 2006 11:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 39 Views🌐 WEB

CVE-2006-1104, SQL injection vulnerabilities in Pixelpost 1.5 beta

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2006-1104	9 Mar 200611:00	–	cvelist
EUVD	EUVD-2006-1108	7 Oct 202500:30	–	euvd
NVD	CVE-2006-1104	9 Mar 200613:06	–	nvd
Tenable Nessus	Pixelpost < 1.5 RC1 showimage Parameter SQL Injection	13 Mar 200600:00	–	nessus
Prion	Sql injection	9 Mar 200613:06	–	prion

NVD

Node

pixelpost pixelpostMatch1.4.3

OR

pixelpost pixelpostMatch1.5_beta1

Source	Link
securityfocus	www.securityfocus.com/archive/1/426764/100/0/threaded
forum	www.forum.pixelpost.org/showthread.php
securityfocus	www.securityfocus.com/bid/16964
vupen	www.vupen.com/english/advisories/2006/0823
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/25046
neosecurityteam	www.neosecurityteam.net/index.php
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/25044

Parameter	Position	Path	Description	CWE
showimage	query param	index.php	SQL injection via showimage parameter in index.php (Pixelpost 1.5 beta1 and earlier).	CWE-89
USER_AGENT	header	index.php	SQL injection via HTTP headers (USER_AGENT, HTTP_REFERER, HTTP_HOST) as used in the book_vistor function in includes/functions.php.	CWE-89
HTTP_REFERER	header	index.php	SQL injection via HTTP headers (USER_AGENT, HTTP_REFERER, HTTP_HOST) as used in the book_vistor function in includes/functions.php.	CWE-89
HTTP_HOST	header	index.php	SQL injection via HTTP headers (USER_AGENT, HTTP_REFERER, HTTP_HOST) as used in the book_vistor function in includes/functions.php.	CWE-89

16 Jun 2026 22:22Current

8.5High risk

Vulners AI Score8.5

CVSS 27.5

EPSS0.01477

cve sql injection pixelpost security vulnerability remote attackers index.php includes/functions.php