Pixelpost : Security Vulnerabilities, CVEs, CVSS score >= 7
SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.11%
Published
2018-06-26
Updated
2018-08-17
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.38%
Published
2018-06-26
Updated
2019-10-03
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
Max CVSS
8.8
EPSS Score
1.10%
Published
2019-11-12
Updated
2019-11-14
pixelpost 1.7.1 has SQL injection
Max CVSS
9.8
EPSS Score
0.18%
Published
2019-10-28
Updated
2019-11-01
Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
Max CVSS
7.5
EPSS Score
1.18%
Published
2006-03-09
Updated
2018-10-18
5 vulnerabilities found