QwikSec

Security Database

CVE

CWE

Training

CVE-2006-1104

Published: Mar 9, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://forum.pixelpost.org/showthread.php?t=3535

x_refsource_MISC

http://www.neosecurityteam.net/index.php?action=advisories&id=19

x_refsource_MISC

pixelpost-functions-sql-injection(25046)

vdb-entry

x_refsource_XF

20060304 Pixel Post Multiple Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

pixelpost-index-sql-injection(25044)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.