CVE-2006-3531
includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/1991 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://retrogod.altervista.org/pivot_130RC2_xpl.html
http://secunia.com/advisories/20962
http://securityreason.com/securityalert/1214
https://exchange.xforce.ibmcloud.com/vulnerabilities/27671
http://www.osvdb.org/27126
http://www.securityfocus.com/archive/1/439495/100/0/threaded
http://www.securityfocus.com/bid/18881
http://www.vupen.com/english/advisories/2006/2744