{"api_version":"1","generated_at":"2026-07-06T19:20:11+00:00","cve":"CVE-2011-1100","urls":{"html":"https://cve.report/CVE-2011-1100","api":"https://cve.report/api/cve/CVE-2011-1100.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-1100","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-1100"},"summary":{"title":"CVE-2011-1100","description":"Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.","state":"PUBLISHED","assigner":"mitre","published_at":"2011-02-25 17:00:01","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-89","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.5","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.exploit-db.com/exploits/16160","name":"http://www.exploit-db.com/exploits/16160","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65474","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65474","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php","name":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Zero Science Lab » Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-1100","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1100","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"1100","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pixelpost","cpe5":"pixelpost","cpe6":"1.7.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T22:14:27.801Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"16160","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"http://www.exploit-db.com/exploits/16160"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php"},{"name":"pixelpost-index-multiple-sql-injection(65474)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65474"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2011-02-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"16160","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"http://www.exploit-db.com/exploits/16160"},{"tags":["x_refsource_MISC"],"url":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php"},{"name":"pixelpost-index-multiple-sql-injection(65474)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65474"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2011-1100","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"16160","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/16160"},{"name":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php","refsource":"MISC","url":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php"},{"name":"pixelpost-index-multiple-sql-injection(65474)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65474"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2011-1100","datePublished":"2011-02-25T16:00:00.000Z","dateReserved":"2011-02-25T00:00:00.000Z","dateUpdated":"2024-08-06T22:14:27.801Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2011-02-25 17:00:01","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-89","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pixelpost:pixelpost:1.7.3:*:*:*:*:*:*:*","matchCriteriaId":"412664AB-2B05-452E-BF5A-03D114510BC1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"1100","Ordinal":"1","Title":"CVE-2011-1100","CVE":"CVE-2011-1100","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"1100","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.","Type":"Description","Title":"CVE-2011-1100"},{"CveYear":"2011","CveId":"1100","Ordinal":"2","NoteData":"2011-02-25","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"1100","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}