Multiple vulnerabilities have been reported against pixelpost:

1) A CSRF vulnerability allows changes to some settings (PoC allows changing
the administrator's password.)
2) SQL injection
3) XSS

2) and 3) are from 2009, so I guess we are going to need some help from
Steven for those ones. The only information about those is  which has
some other changes.

It also appears to be using PHP_SELF in some places, so that's another XSS
vector. Will confirm it later.

--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net