cvebase

Lucidcrew Pixie vulnerabilities

9 known vulnerabilities affecting lucidcrew/pixie.

Total CVEs: 9
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 7

Vulnerabilities

CVE-2017-7402 | P2 | CRITICAL | CVSS 9.8 | PoC | v1.04 | 2017-04-03
CWE-94: Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
nvd
CVE-2011-4710 | P3 | HIGH | CVSS 7.5 | PoC | v1.02, v1.03, +1 more | 2011-12-08
CWE-89: Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.
nvd
CVE-2017-7359 | P4 | MEDIUM | CVSS 6.1 | v1.04 | 2017-03-31
CWE-79: Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.
nvd
CVE-2017-7362 | P4 | MEDIUM | CVSS 6.1 | v1.04 | 2017-03-31
CWE-79: Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack.
nvd
CVE-2017-7361 | P4 | MEDIUM | CVSS 6.1 | v1.04 | 2017-03-31
CWE-79: Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack.
nvd
CVE-2017-7363 | P4 | MEDIUM | CVSS 6.1 | v1.04 | 2017-03-31
CWE-79: Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack.
nvd
CVE-2017-7360 | P4 | MEDIUM | CVSS 6.1 | v1.04 | 2017-03-31
CWE-79: Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.
nvd
CVE-2014-3786 | P4 | MEDIUM | CVSS 4.3 | v1.04 | 2014-06-04
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/.
nvd
CVE-2011-3793 | P4 | MEDIUM | CVSS 5.0 | v1.04 | 2011-09-24
CWE-200: Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files.
nvd