Pixel Motion Blog Security Vulnerabilities and Issues — Pixel Motion Blog CVE List

Lucene search

Pixel MotionPixel Motion Blog

3 matches found

CVE•added 2006/09/29 12:7 a.m.•34 views

CVE-2006-5086

Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not.

6.4CVSS8.2AI score0.01004EPSS

CVE•added 2006/03/28 8:2 p.m.•33 views

CVE-2006-1426

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.

7.5CVSS8.9AI score0.02075EPSS

CVE•added 2006/09/29 12:7 a.m.•26 views

CVE-2006-5085

Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.

7.5CVSS7.8AI score0.05495EPSS