Pixel Motion Blog@* Security Vulnerabilities and Issues — Pixel Motion Blog@* CVE List

Lucene search

Pixel MotionPixel Motion Blog*

5 matches found

CVE•added 2006/03/28 8:2 p.m.•33 views

CVE-2006-1426

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.

7.5CVSS8.9AI score0.02075EPSS

CVE•added 2008/04/17 7:5 p.m.•30 views

CVE-2008-1866

admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direc...

9CVSS6.7AI score0.06452EPSS

CVE•added 2008/04/27 9:5 p.m.•27 views

CVE-2008-1986

Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.

4.3CVSS5.7AI score0.00255EPSS

CVE•added 2008/04/17 7:5 p.m.•26 views

CVE-2008-1867

SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.

7.5CVSS8.5AI score0.00323EPSS

CVE•added 2008/04/17 7:5 p.m.•26 views

CVE-2008-1868

admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.

7.5CVSS6.5AI score0.02622EPSS