CVE-2006-1426

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/17260	Exploit
http://secunia.com/advisories/19421	Exploit Vendor Advisory
http://www.osvdb.org/24168
http://www.osvdb.org/24169
http://www.vupen.com/english/advisories/2006/1135
https://exchange.xforce.ibmcloud.com/vulnerabilities/25481
https://exchange.xforce.ibmcloud.com/vulnerabilities/25478
http://www.securityfocus.com/archive/1/428964/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:pixel_motion:pixel_motion_blog:*:*:*:*:*:*:*:*

Information

Published : 2006-03-28 12:02

Updated : 2018-10-18 09:32

NVD link : CVE-2006-1426

Mitre link : CVE-2006-1426

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

pixel_motion

pixel_motion_blog

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/17260", "name": "17260", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/19421", "name": "19421", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/24168", "name": "24168", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/24169", "name": "24169", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/1135", "name": "ADV-2006-1135", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25481", "name": "pixelmotionblog-index-sql-injection(25481)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25478", "name": "pixelmotionblog-adminindex-security-bypass(25478)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/428964/100/0/threaded", "name": "20060327 Blog Pixel Motion<=1.xx Authentication Bypass Vulnerability & SQL injection", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1426", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-03-28T20:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pixel_motion:pixel_motion_blog:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:32Z"}