CVE-2011-1100
Summary
| CVE | CVE-2011-1100 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-02-25 17:00:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:S/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Zero Science Lab » Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.zeroscience.mk | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.