PT-2006-2434 · Pixel Motion · Blog Pixel Motion

Published: 2006-03-28 · Updated: 2018-10-18 · CVE-2006-1426

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Pixel Motion Blog (affected versions not specified)

Description

The issue allows remote attackers to execute arbitrary SQL commands or bypass authentication via the date parameter in "index.php" or the password parameter in "admin/index.php".

Recommendations

For all affected versions, consider restricting access to the vulnerable parameters date and password in the respective API endpoints "index.php" and "admin/index.php" until a patch is available. As a temporary workaround, avoid using the date and password parameters in the affected API endpoints until the issue is resolved.


Related Identifiers

CVE-2006-1426

Affected Products

Blog Pixel Motion