CVE-2006-2889

Pixelpost <5rc1-2 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1868

View Code ZIP pw:eip

References (6)

[Exploit] http://retrogod.altervista.org/pixelpost_15rc12_xpl.html

[Exploit] http://securitytracker.com/id?1016217

[Exploit] http://www.securityfocus.com/bid/18276

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/435856/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26922

[Third Party Advisory] http://securityreason.com/securityalert/1061

Scores

EPSS 0.0088

EPSS Percentile 75.4%

Details

Status published

Products (1)

pixelpost/pixelpost < 1.5_rc1

Published Jun 07, 2006

Tracked Since Feb 18, 2026