CVE-2006-1426 Information

Description

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.

Reference

http://secunia.com/advisories/19421 http://www.osvdb.org/24168 http://www.osvdb.org/24169 http://www.securityfocus.com/archive/1/428964/100/0/threaded http://www.securityfocus.com/bid/17260 http://www.vupen.com/english/advisories/2006/1135 https://exchange.xforce.ibmcloud.com/vulnerabilities/25478 https://exchange.xforce.ibmcloud.com/vulnerabilities/25481