Pixelpost : Security Vulnerabilities, CVEs, CVSS score >= 7

CVE-2018-0606

SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.11%
Published
2018-06-26
Updated
2018-08-17

CVE-2018-0604

Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.38%
Published
2018-06-26
Updated
2019-10-03

CVE-2010-3305

Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
Max CVSS
8.8
EPSS Score
1.10%
Published
2019-11-12
Updated
2019-11-14

CVE-2009-4899

pixelpost 1.7.1 has SQL injection
Max CVSS
9.8
EPSS Score
0.18%
Published
2019-10-28
Updated
2019-11-01

CVE-2006-1104

Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
Max CVSS
7.5
EPSS Score
1.18%
Published
2006-03-09
Updated
2018-10-18
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close