CVE-2006-2890

Name of the Vulnerable Software and Affected Versions Pixelpost versions 1 through 1-5rc1-2

Description The issue allows remote attackers to gain administrator privileges and conduct other attacks when register globals is enabled. This is achieved by setting the SESSION["pixelpost admin"] parameter to 1 in calls to admin scripts such as "admin/view info.php".

Recommendations For Pixelpost versions 1 through 1-5rc1-2, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to admin scripts, such as "admin/view info.php", until a more permanent solution is available. Avoid using the SESSION["pixelpost admin"] parameter in affected admin scripts until the issue is resolved.