Pixelpost Multiple SQL Injection Vulnerabilities
BID:18276
CVE-2006-2889 | CVE-2006-2890 |Info
Pixelpost Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 18276 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2006 12:00AM |
| Updated: | Jun 05 2006 10:47PM |
| Credit: | rgod is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
pixelpost Pixelpost 1.5rc1-2 |
| Not Vulnerable: | |
Discussion
Pixelpost Multiple SQL Injection Vulnerabilities
Pixelpost is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Pixelpost is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Exploit / POC
Pixelpost Multiple SQL Injection Vulnerabilities
These issues can be exploited through a web client.
The following exploit is available:
These issues can be exploited through a web client.
The following exploit is available:
Solution / Fix
Pixelpost Multiple SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].