Unrated severityNVD Advisory· Published Mar 9, 2006· Updated Apr 16, 2026

CVE-2006-1105

Description

Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.

Affected products

Pixelpost/Pixelpost2 versions
cpe:2.3:a:pixelpost:pixelpost:1.4.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:pixelpost:pixelpost:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:pixelpost:pixelpost:1.5_beta1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forum.pixelpost.org/showthread.phpnvdExploit
www.neosecurityteam.net/index.phpnvdExploitVendor Advisory
www.securityfocus.com/bid/16964nvdExploit
www.securityfocus.com/archive/1/426764/100/0/threadednvd
www.vupen.com/english/advisories/2006/0823nvd
exchange.xforce.ibmcloud.com/vulnerabilities/25048nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000