Vulnerability Details CVE-2006-1426
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/19421
- http://www.osvdb.org/24168
- http://www.osvdb.org/24169
- http://www.securityfocus.com/archive/1/428964/100/0/threaded
- http://www.securityfocus.com/bid/17260
- http://www.vupen.com/english/advisories/2006/1135
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25478
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25481
- http://secunia.com/advisories/19421
- http://www.osvdb.org/24168
- http://www.osvdb.org/24169
- http://www.securityfocus.com/archive/1/428964/100/0/threaded
- http://www.securityfocus.com/bid/17260
- http://www.vupen.com/english/advisories/2006/1135
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25478
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25481
Products affected by CVE-2006-1426
-
cpe:2.3:a:pixel_motion:pixel_motion_blog:*