← back
CVE-2006-5086

CVE-2006-5086

EPSS 1.1%
Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/2441unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://acid-root.new.fr/poc/12060927.txthttp://secunia.com/advisories/22163http://securityreason.com/securityalert/1653https://exchange.xforce.ibmcloud.com/vulnerabilities/29222http://www.securityfocus.com/archive/1/447167/100/0/threaded