7.5

CVE-2006-1104

Exploit

EPSS 1.04%
Veröffentlicht 09.03.2006 13:06:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php.  NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pixelpost ≫ Pixelpost Version1.4.3

Pixelpost ≫ Pixelpost Version1.5_beta1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.04%	0.756

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://forum.pixelpost.org/showthread.php?t=3535

Exploit

http://www.neosecurityteam.net/index.php?action=advisories&id=19

Vendor Advisory

Exploit

http://www.securityfocus.com/archive/1/426764/100/0/threaded

http://www.securityfocus.com/bid/16964

Exploit

http://www.vupen.com/english/advisories/2006/0823

https://exchange.xforce.ibmcloud.com/vulnerabilities/25044

https://exchange.xforce.ibmcloud.com/vulnerabilities/25046

https://nvd.nist.gov/vuln/detail/CVE-2006-1104

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1104

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1104

EUVD