PT-2006-3809 · Pixelpost · Pixelpost

Rgod

Published

2006-06-07

Updated

2018-10-18

CVE-2006-2891

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Pixelpost versions 1 through 1-5rc1-2

Description The issue allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter in the "admin/index.php" endpoint. This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For Pixelpost versions 1 through 1-5rc1-2, avoid using the loginmessage parameter in the "admin/index.php" endpoint until a fix is available. As a temporary workaround, consider restricting access to the admin/index.php endpoint to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2891

Affected Products

Pixelpost

PT-2006-3809 · Pixelpost · Pixelpost

CVE-2006-2891

Related Identifiers

Affected Products

References · 6