Pixel Motion Blog Security Vulnerabilities and Issues — Pixel Motion Blog CVE List

Lucene search

Pixel MotionPixel Motion Blog

4 matches found

CVE•added 2008/04/17 7:5 p.m.•30 views

CVE-2008-1866

admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direc...

9CVSS6.7AI score0.06452EPSS

CVE•added 2008/04/27 9:5 p.m.•27 views

CVE-2008-1986

Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.

4.3CVSS5.7AI score0.00255EPSS

CVE•added 2008/04/17 7:5 p.m.•26 views

CVE-2008-1867

SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.

7.5CVSS8.5AI score0.00323EPSS

CVE•added 2008/04/17 7:5 p.m.•26 views

CVE-2008-1868

admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.

7.5CVSS6.5AI score0.02622EPSS