8 matches found
EUVD-2017-18267
Malware in sbrugna...
Code injection
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...
CVE-2017-14958
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...
CVE-2017-9332
The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...
CVE-2017-7570
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...
PivotX 2.3.11 - Directory Traversal
No description provided by source...
PivotX 2.3.11 Directory Traversal
Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Directory Traversal Remote Exploitable: Yes Reported to vendor: 01/20/2016 Disclosed to public: 03/15/2016...
PivotX 2.3.11 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Reflected XSS Remote Exploitable: Yes Reported to vendor: 01/20/2016 Disclosed to public: 03/15/2016 Release...