7 matches found
CVE-2006-1426
Pixel Motion Blog is affected by multiple SQL injection vulnerabilities tracked as CVE-2006-1426. The issues allow remote attackers to execute arbitrary SQL commands through the date parameter in index.php or bypass authentication via the password parameter in admin/index.php. The NVD entry ci...
CVE-2006-5086
Blog Pixel Motion 2.1.1 is affected. The vulnerability allows remote attackers to change the admin username and password via a direct request to insere_base.php using modified (1) login and (2) pass parameters. The original researcher claimed SQL injection, but the report notes that this is not S...
CVE-2008-1866
The CVE-2008-1866 issue affects Blog Pixel Motion (PixelMotion), where admin/modif_config.php does not require admin authentication. This allows remote authenticated users to upload arbitrary PHP scripts inside a ZIP archive, which is written to templateZip/ and then automatically extracted under...
CVE-2006-5085
CVE-2006-5085 affects Blog Pixel Motion 2.1.1. The vulnerability is a static code injection in config.php where the nom_blog parameter is injected into include/variables.php, enabling remote attackers to execute arbitrary PHP code. The available connected documents confirm the affected software v...
CVE-2008-1868
CVE-2008-1868 affects Blog Pixel Motion via admin/sauvBase.php, which does not require authentication. The issue allows remote attackers to trigger a database backup dump and retrieve the resulting blogPM.sql, which contains sensitive information. The vulnerability e...
CVE-2008-1986
CVE-2008-1986 is a reported XSS vulnerability in Blog Pixel Motion (PixelMotion) affecting the file liste_article.php. The flaw allows remote attackers to inject arbitrary web script or HTML via the jours parameter. The available sources describe the vulnerability and its impact as cross-site scr...
CVE-2008-1867
CVE-2008-1867 describes a SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion). The issue allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, potentially related to include/requetesIndex.php. The vulnerability affects the affected...