4 matches found
CVE-2006-1426
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.
CVE-2008-1868
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
CVE-2006-5085
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.
CVE-2008-1867
SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.