173 matches found
Arbitrary File Upload Vulnerability in Pixie CMS Backend
Pixie CMS is a full-featured and easy-to-use website builder. An arbitrary file upload vulnerability exists in the Pixie CMS backend modfilemanager.php file $multiupload-extensions. An attacker can use this vulnerability to upload arbitrary files and execute arbitrary code...
Pixie CMS 1.04 arbitrary file upload
Pixie CMS 1.04 background the presence of arbitrary file upload vulnerability Vulnerability analysis: In Publish File Manager module you can upload any file View Code /admin/admin/modules/modfilemanager.php $multiupload-extensions = array '. png', '. jpg', '. gif', '. zip', '. mp3', '. pdf', '...
Pixie 1.0.4 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Design/Logic Flaw
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
CVE-2017-7402
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
CVE-2017-7402
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
CVE-2017-7402
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
CVE-2017-7402
Pixie 1.0.4 suffers remote authenticated arbitrary PHP code execution by uploading a double‑extension file (for example, image.jpg.php) via admin/index.php?s=publish&x=filemanager. This bypasses extension checks when Content-Type is image/jpeg. Impact: high/severe (CVSSv3 up to 9.8). Exploit pres...
Pixie 1.0.4 Shell Upload
Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Pixie 1.0.4 - Arbitrary File Upload
Pixie 1.0.4 - Arbitrary File Upload Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Pixie 1.0.4 - Arbitrary File Upload
Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Pixie Cross-Site Scripting Vulnerability
Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4, which stems from the program not properly validating user-submitted input. A remote attacker can...
Pixie cross-site scripting vulnerability (CNVD-2017-04817)
Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4. As the program fails to properly validate user-submitted input. A remote attacker can exploit th...
Pixie cross-site scripting vulnerability (CNVD-2017-04816)
Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4. As the program fails to properly validate user-submitted input. A remote attacker can exploit th...
Pixie cross-site scripting vulnerability (CNVD-2017-04894)
Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4. As the program fails to properly validate user-submitted input. A remote attacker can exploit th...
Pixie cross-site scripting vulnerability (CNVD-2017-04818)
Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4. As the program fails to properly validate user-submitted input. A remote attacker can exploit th...
Sql injection
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack...
Design/Logic Flaw
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack...
Design/Logic Flaw
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack...
CVE-2017-7359
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack...