Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-1066. PoCs published by Justin Keane.
AI-analyzed exploit summary
This writeup details multiple vulnerabilities in Pixie CMS, including XSS via the 'x' parameter in blog URLs and SQL injection via the 'Referer' header. The XSS allows redirection or arbitrary script execution, while the SQL injection can manipulate the 'pixie_log' table.
Description
SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.