Pixel Motion Blog vulnerabilities
2 known vulnerabilities affecting pixel_motion/pixel_motion_blog.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2006-5085P2HIGHCVSS 7.5PoCv2.1.12006-09-29
CVE-2006-5085 [HIGH] CVE-2006-5085: Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.
nvd
CVE-2006-5086P4MEDIUMCVSS 6.4PoCv2.1.12006-09-29
CVE-2006-5086 [MEDIUM] CVE-2006-5086: Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin us
Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not.
nvd