CVE-2006-1426

Sažetak

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.

Reference

http://secunia.com/advisories/19421
http://www.osvdb.org/24168
http://www.osvdb.org/24169
http://www.securityfocus.com/archive/1/428964/100/0/threaded
http://www.securityfocus.com/bid/17260
http://www.vupen.com/english/advisories/2006/1135
https://exchange.xforce.ibmcloud.com/vulnerabilities/25478
https://exchange.xforce.ibmcloud.com/vulnerabilities/25481

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:32

Objavljeno

28-03-2006 - 20:02