PT-2006-3807 · Pixelpost · Pixelpost

Rgod

Published

2006-06-07

Updated

2018-10-18

CVE-2006-2889

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Pixelpost versions 1-5rc1-2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands and gain administrator privileges via the category or archivedate parameter in the "index.php" file.

Recommendations For Pixelpost versions 1-5rc1-2 and earlier, as a temporary workaround, consider restricting access to the index.php file until a patch is available. Avoid using the category and archivedate parameters in the affected API endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2889

Affected Products

Pixelpost

PT-2006-3807 · Pixelpost · Pixelpost

CVE-2006-2889

Related Identifiers

Affected Products

References · 9