Pixelpost is vulnerable to an SQL Injection attack when input is passed to several POST parameters (findfid, id, selectfcat, selectfmon, selectftag). The script (admin/index.php) fails to properly sanitize the input before being returned to the user allowing the attacker to compromise the entire DB system and view sensitive information. Version 1.7.3 is affected.
058b005df3b48a0a2f6526e2d72d4ad64a02ed8dbdd5a5eeac880138515851eb