5 matches found
CVE-2006-1426
Pixel Motion Blog is affected by multiple SQL injection vulnerabilities disclosed for CVE-2006-1426. The issues allow remote attackers to execute arbitrary SQL commands through the date parameter in index.php or bypass authentication via the password parameter in admin/index.php. The NVD entry ci...
CVE-2008-1866
The CVE-2008-1866 issue affects Blog Pixel Motion (PixelMotion), where admin/modif_config.php does not require admin authentication. This allows remote authenticated users to upload arbitrary PHP scripts inside a ZIP archive, which is written to templateZip/ and then automatically extracted under...
CVE-2008-1868
CVE-2008-1868 affects Blog Pixel Motion (Blog Pixel Motion) via admin/sauvBase.php, where authentication is not required. The underlying issue allows remote attackers to trigger a database backup dump and retrieve the resulting blogPM.sql, which contains sensitive information. The vulnerability e...
CVE-2008-1986
CVE-2008-1986 is a reported XSS vulnerability in Blog Pixel Motion (PixelMotion) affecting the file liste_article.php. The flaw allows remote attackers to inject arbitrary web script or HTML via the jours parameter. The available sources describe the vulnerability and its impact as cross-site scr...
CVE-2008-1867
CVE-2008-1867 describes a SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion). The issue allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, potentially related to include/requetesIndex.php. The vulnerability affects the affected...