CVE-2006-5086

Blog Pixel Motion 2.1.1 - RCE

Title source: llm

Description

Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · perlwebappsphp

https://www.exploit-db.com/exploits/2441

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/22163

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/447167/100/0/threaded

[Exploit] http://acid-root.new.fr/poc/12060927.txt

[Third Party Advisory] http://securityreason.com/securityalert/1653

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29222

Scores

EPSS 0.0141

EPSS Percentile 80.5%

Details

Status published

Products (1)

pixel_motion/pixel_motion_blog 2.1.1

Published Sep 29, 2006

Tracked Since Feb 18, 2026