CVE-2006-1105

Published: Mar 9, 2006Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.

Affected (2)

Products: Pixelpost: Pixelpost

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pixelpost Pixelpost	Version 1.4.3
Pixelpost Pixelpost	Version 1.5_beta1

References (12)

http://forum.pixelpost.org/showthread.php?t=3535

Source: cve@mitre.org

Exploit

http://www.neosecurityteam.net/index.php?action=advisories&id=19

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/archive/1/426764/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/16964

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2006/0823

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/25048

Source: cve@mitre.org

http://forum.pixelpost.org/showthread.php?t=3535

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.neosecurityteam.net/index.php?action=advisories&id=19

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.securityfocus.com/archive/1/426764/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/16964

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2006/0823

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/25048

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.