CVE-2011-4710

Pixie CMS 1.01-1.04 - SQL Injection via pixie_user Parameter or Referer Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4710. PoCs published by Piranha.

AI-analyzed exploit summary This exploit demonstrates blind SQL injection vulnerabilities in Pixie CMS versions 1.01 to 1.04 via the 'pixie_user' parameter and the 'Referer' header. The PoC uses time-based techniques (SLEEP) to infer database information.

Description

Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.

Exploits (1)

exploitdb WORKING POC
by Piranha · textwebappsphp
https://www.exploit-db.com/exploits/18115

This exploit demonstrates blind SQL injection vulnerabilities in Pixie CMS versions 1.01 to 1.04 via the 'pixie_user' parameter and the 'Referer' header. The PoC uses time-based techniques (SLEEP) to infer database information.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Pixie CMS 1.01 - 1.04
No auth needed
Prerequisites: Access to the target Pixie CMS instance · Ability to send crafted HTTP requests
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18115

Scores

EPSS 0.0171
EPSS Percentile 74.7%

Details

CWE
CWE-89
Status published
Products (5)
getpixie/pixie 1.01
getpixie/pixie 1.01a
lucidcrew/pixie 1.02
lucidcrew/pixie 1.03
lucidcrew/pixie 1.04
Published Dec 08, 2011
Tracked Since Feb 18, 2026