彙總 pixelimity 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 SQL 注入與CSRF 等問題,部分漏洞可能導致 資料外洩,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-5206 | A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php of the component Installation. The manipulation of the argument site_description leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.1 | 0.36% | 2025-05-26 | 2025-06-05 |
| CVE-2022-28590 | A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | [email protected] | 7.2 | 22.83% | 2022-05-03 | 2024-11-21 |
| CVE-2022-28589 | A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new | [email protected] | 4.8 | 0.53% | 2022-05-03 | 2024-11-21 |
| CVE-2021-42866 | A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php | [email protected] | 4.8 | 0.53% | 2022-03-31 | 2024-11-21 |
| CVE-2021-29056 | Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php. | [email protected] | 4.8 | 0.51% | 2021-08-17 | 2024-11-21 |
| CVE-2020-23522 | Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | [email protected] | 6.8 | 2.01% | 2021-01-19 | 2024-11-21 |
| CVE-2018-19919 | Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | [email protected] | 4.8 | 0.67% | 2018-12-06 | 2024-11-21 |