CVE-2006-1104

Exploit

EPSS 1.48%
Veröffentlicht 09.03.2006 13:06:00
Zuletzt bearbeitet 16.06.2026 22:22:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php.  NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pixelpost ≫ Pixelpost Version1.4.3

Pixelpost ≫ Pixelpost Version1.5_beta1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.48%	0.705

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://forum.pixelpost.org/showthread.php?t=3535

Exploit

http://www.neosecurityteam.net/index.php?action=advisories&id=19

Vendor Advisory

Exploit

http://www.securityfocus.com/archive/1/426764/100/0/threaded

http://www.securityfocus.com/bid/16964

Exploit

http://www.vupen.com/english/advisories/2006/0823

https://exchange.xforce.ibmcloud.com/vulnerabilities/25044

https://exchange.xforce.ibmcloud.com/vulnerabilities/25046

https://nvd.nist.gov/vuln/detail/CVE-2006-1104

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1104

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1104

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2006-1104