Lucene search

[email protected]CVE-2006-2890

HistoryJun 07, 2006 - 10:02 a.m.

CVE-2006-2890

2006-06-0710:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

pixelpost

cve-2006-2890

remote attackers

admin privileges

security vulnerability

7.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION[“pixelpost_admin”] parameter to 1 in calls to admin scripts such as admin/view_info.php.

CPENameOperatorVersion
pixelpost:pixelpostpixelposteq1.5_rc1

CPE	Name	Operator	Version
pixelpost:pixelpost	pixelpost	eq	1.5_rc1

References

retrogod.altervista.org/pixelpost_15rc12_xpl.html

securityreason.com/securityalert/1061

securitytracker.com/id?1016217

www.securityfocus.com/archive/1/435856/100/0/threaded

www.securityfocus.com/bid/18276

7.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

Related for CVE-2006-2890

prion1 cvelist1