CVE-2006-1105
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/03/2006
Last modified:
03/04/2025
Description
Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:pixelpost:pixelpost:1.4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:pixelpost:pixelpost:1.5_beta1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://forum.pixelpost.org/showthread.php?t=3535
- http://www.neosecurityteam.net/index.php?action=advisories&id=19
- http://www.securityfocus.com/archive/1/426764/100/0/threaded
- http://www.securityfocus.com/bid/16964
- http://www.vupen.com/english/advisories/2006/0823
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25048
- http://forum.pixelpost.org/showthread.php?t=3535
- http://www.neosecurityteam.net/index.php?action=advisories&id=19
- http://www.securityfocus.com/archive/1/426764/100/0/threaded
- http://www.securityfocus.com/bid/16964
- http://www.vupen.com/english/advisories/2006/0823
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25048