Lucene search

[email protected]CVE-2006-1426

HistoryMar 28, 2006 - 8:02 p.m.

CVE-2006-1426

2006-03-2820:02:00

[email protected]

web.nvd.nist.gov

cve

2006

1426

pixel motion blog

sql injection

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.5%

JSON

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.

Affected configurations

NVD

Node

pixel_motionpixel_motion_blog

CPENameOperatorVersion
pixel_motion:pixel_motion_blogpixel motion pixel motion blogeq*

CPE	Name	Operator	Version
pixel_motion:pixel_motion_blog	pixel motion pixel motion blog	eq	*

References

secunia.com/advisories/19421

www.osvdb.org/24168

www.osvdb.org/24169

www.securityfocus.com/archive/1/428964/100/0/threaded

www.securityfocus.com/bid/17260

www.vupen.com/english/advisories/2006/1135

exchange.xforce.ibmcloud.com/vulnerabilities/25478

exchange.xforce.ibmcloud.com/vulnerabilities/25481

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for CVE-2006-1426

prion1 cvelist1 nvd1