PT-2009-3647 · Pixie · Pixie Cms
Published 2009-03-24 · Updated 2024-02-14 · CVE-2009-1066
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Pixie CMS version 1.01a
Description
A SQL injection in the referral function in admin/lib/lib_logs.php allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header of a request: the header value is written into the referral log query without being neutralised.
Recommendations
For Pixie CMS version 1.01a, consider restricting access to the vulnerable referral function in admin/lib/lib_logs.php to reduce the risk of exploitation, and avoid relying on the Referer HTTP header in requests to the affected function until the issue is resolved.
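As an added illustration (not Pixie CMS's own code), the following hypothetical PHP referral logger shows the vulnerable shape the advisory describes next to a hardened form that validates the header and binds it as a parameter; the table, column and connection details are assumptions.

```php
<?php
// Added example, not code from Pixie CMS. The `referrals` table, its
// columns and the connection settings are assumptions for illustration.

// Vulnerable shape: the attacker-controlled Referer header is concatenated
// straight into the SQL text, so a quote character in the header changes
// the statement the database executes.
function log_referral_vulnerable(mysqli $db, string $referer): void
{
    $sql = "INSERT INTO referrals (url, hits) VALUES ('" . $referer . "', 1)";
    $db->query($sql); // SQL injection via the Referer header
}

// Hardened form: reject anything that is not a plausible http(s) URL, then
// pass the value as a bound parameter so it is only ever treated as data.
function log_referral_safe(PDO $db, ?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false; // no referer to record
    }
    if (strlen($referer) > 2048
        || filter_var($referer, FILTER_VALIDATE_URL) === false
        || !in_array(parse_url($referer, PHP_URL_SCHEME), ['http', 'https'], true)) {
        return false; // malformed or unexpected scheme: do not log it
    }
    $stmt = $db->prepare(
        'INSERT INTO referrals (url, hits) VALUES (:url, 1)
         ON DUPLICATE KEY UPDATE hits = hits + 1'
    );
    $stmt->bindValue(':url', $referer, PDO::PARAM_STR);
    return $stmt->execute();
}

// Request handler: read the header, but never trust it.
$db = new PDO('mysql:host=localhost;dbname=pixie', 'user', 'pass', [
    PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);
log_referral_safe($db, $_SERVER['HTTP_REFERER'] ?? null);
```

Because the Referer header is fully client-controlled, treating it as untrusted input (length limit, URL validation, parameter binding) is the check that closes the class of bug the advisory describes, independent of any single version.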
RCE
SQL injection
Affected Products
Pixie Cms