Pixelpost Security Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in Pixelpost 1.7.3 could allow remote attackers to change the admin password.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2019-11-12
Pixelpost 1.7.1 has SQL injection.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-10-28
Pixelpost 1.7.1 has XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-10-28
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.
CVSS Score: 7.2 | EPSS Score: 0.016 | Published: 2018-06-26
Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-06-26
SQL injection vulnerability in Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score: 7.2 | EPSS Score: 0.004 | Published: 2018-06-26
Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files.
CVSS Score: 5.0 | EPSS Score: 0.003 | Published: 2011-09-24
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
CVSS Score: 6.5 | EPSS Score: 0.007 | Published: 2011-02-25
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
CVSS Score: 6.8 | EPSS Score: 0.115 | Published: 2008-07-30
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.
CVSS Score: 6.8 | EPSS Score: 0.006 | Published: 2008-01-18

