CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Pixelpost: >> Pixelpost >> 1.5_rc1 Security Vulnerabilities

CVE-2006-2890

Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php.

CVSS Score

5.1

EPSS Score

0.009

Published

2006-06-07

CVE-2006-2891

Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.

CVSS Score

2.6

EPSS Score

0.004

Published

2006-06-07

Page 1

Vulnerabilities

Vulnerable Software

Pixelpost: >> Pixelpost >> 1.5_rc1 Security Vulnerabilities

Products

Pricing

Contact Us