Detections
Analytics

CVE-2006-1426

critical

Description

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25481

https://exchange.xforce.ibmcloud.com/vulnerabilities/25478

http://www.vupen.com/english/advisories/2006/1135

http://www.securityfocus.com/archive/1/428964/100/0/threaded

http://www.osvdb.org/24169

http://www.osvdb.org/24168

Details

Source: Mitre, NVD

Published: 2006-03-28

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01922