Max CVSS | 9.0 | Min CVSS | 7.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2008-1867 | 7.5 |
SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.
|
29-09-2017 - 01:30 | 17-04-2008 - 19:05 | |
CVE-2008-1868 | 7.5 |
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.
|
29-09-2017 - 01:30 | 17-04-2008 - 19:05 | |
CVE-2008-1866 | 9.0 |
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically ext
|
29-09-2017 - 01:30 | 17-04-2008 - 19:05 |