MidnightBSD

Advisories for getpixie

CVE-2009-1066 HIGH

SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
getpixie pixie_cms 1.01a
CVE-2009-1067 MEDIUM

Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
getpixie pixie_cms 1.01a
CVE-2011-4710 HIGH

Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
getpixie pixie 1.01a
lucidcrew pixie 1.02
getpixie pixie 1.01
lucidcrew pixie 1.04
lucidcrew pixie 1.03