CVE-2011-1100

Pixelpost 1.7.3 - Authenticated SQL Injection via findfid, id, selectfcat, selectfmon, or selectftag Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1100. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This is a writeup describing an SQL injection vulnerability in Pixelpost 1.7.3, where multiple POST variables (findfid, id, selectfcat, selectfmon, selectftag) are not properly sanitized, allowing an attacker to compromise the database. The example provided demonstrates the vulnerability but does not include executable exploit code.

Description

Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.

Exploits (1)

exploitdb (writeup)
by LiquidWorm · text · webapps · php
https://www.exploit-db.com/exploits/16160


Classification: Writeup (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Pixelpost 1.7.3
Auth required
Prerequisites: Access to admin interface · Valid session cookie
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/16160
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/65474

Scores

EPSS: 0.0130
EPSS Percentile: 66.6%

Details

CWE: CWE-89
Status: published
Products (1): pixelpost/pixelpost 1.7.3
Published: Feb 25, 2011
Tracked Since: Feb 18, 2026