Piranha

**Name of the Vulnerable Software and Affected Versions** Pixie CMS versions 1.01 through 1.04 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `pixie user` parameter and the Referer HTTP header in a request to the default URI. **Recommendations** For Pixie CMS versions 1.01 through 1.04, consider restricting access to the default URI and avoid using the `pixie user` parameter until a fix is available. As a temporary workaround, restrict the Referer HTTP header to minimize the risk of exploitation.