CVE-2006-1426

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-1426
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/19421 Exploit Vendor Advisory
http://www.osvdb.org/24168
http://www.osvdb.org/24169
http://www.securityfocus.com/archive/1/428964/100/0/threaded
http://www.securityfocus.com/bid/17260 Exploit
http://www.vupen.com/english/advisories/2006/1135
https://exchange.xforce.ibmcloud.com/vulnerabilities/25478
https://exchange.xforce.ibmcloud.com/vulnerabilities/25481
Configurations

Configuration 1 (hide)

cpe:2.3:a:pixel_motion:pixel_motion_blog:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-03-28 20:02

Updated : 2024-02-28 10:42

NVD link : CVE-2006-1426

Mitre link : CVE-2006-1426

CVE.ORG link : CVE-2006-1426

JSON object : View

Products Affected

pixel_motion

  • pixel_motion_blog
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024