CVE-2006-2889

Name of the Vulnerable Software and Affected Versions Pixelpost versions 1-5rc1-2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands and gain administrator privileges via the category or archivedate parameter in the "index.php" file.

Recommendations For Pixelpost versions 1-5rc1-2 and earlier, as a temporary workaround, consider restricting access to the index.php file until a patch is available. Avoid using the category and archivedate parameters in the affected API endpoint until the issue is resolved.