Lucene search
K

156 matches found

CVE
CVE
added 2017/06/06 2:0 p.m.41 views

CVE-2017-9332

PivotX 2.3.11 is affected by a cross-site scripting vulnerability in the smarty_self function of modules/module_smarty.php, where improper URI handling allows XSS via quotes in the self Smarty tag. The issue is documented across multiple feeds (NVD/CVE-2017-9332, SUSE CVE-2017-9332, CNVD, OSV) wi...

6.1CVSS5.8AI score0.00632EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/05/31 4:29 a.m.3 views

CVE-2017-8402

PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file...

8.8CVSS7.6AI score
Exploits0References1
Prion
Prion
added 2017/05/31 4:29 a.m.15 views

Design/Logic Flaw

PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file...

6.5CVSS8.5AI score0.0128EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/05/31 4:29 a.m.15 views

CVE-2017-8402

PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file...

8.8CVSS8.7AI score0.0128EPSS
Exploits0References1
CVE
CVE
added 2017/05/31 3:54 a.m.50 views

CVE-2017-8402

PivotX 2.3.11 is affected by an arbitrary PHP code execution vulnerability. The issue arises from a flaw that allows remote authenticated users to upload a .htaccess file to execute code on the server. Several sources in the connected set (CNVD-2017-11640, NVD entry) confirm PivotX 2.3.11 as the ...

8.8CVSS8.6AI score0.0128EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/05/31 3:54 a.m.16 views

CVE-2017-8402

PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file...

8.7AI score0.0128EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/05 12:0 a.m.3 views

File Upload Bypass Vulnerability in Pivotx CMS Article Posting Page

PivotX CMS is an open source blog content management system Blog CMS. Pivotx CMS 2.3.11 and previous versions of the article publishing page file upload bypass vulnerability , due to fileupload.php file of $disallowedextensions filter array has a design flaw , an attacker can exploit the...

8AI score
Exploits0
NVD
NVD
added 2017/04/07 4:59 a.m.16 views

CVE-2017-7570

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...

8.8CVSS8.8AI score0.01452EPSS
Exploits1References1
Prion
Prion
added 2017/04/07 4:59 a.m.15 views

Code injection

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...

6.5CVSS8.8AI score0.01452EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/04/07 4:59 a.m.3 views

CVE-2017-7570

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...

8.8CVSS7.7AI score
Exploits0References1
CVE
CVE
added 2017/04/07 4:33 a.m.44 views

CVE-2017-7570

PivotX 2.3.11 is affected by a vulnerability where remote authenticated Advanced users can execute arbitrary PHP code. The issue arises when an attacker uploads a file with a safe extension (e.g., .jpg) and then uses a duplicate function to change the extension to .php. The provided documents ide...

8.8CVSS8.7AI score0.01452EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/04/07 4:33 a.m.19 views

CVE-2017-7570

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...

8.9AI score0.01452EPSS
Exploits1References1
CNVD
CNVD
added 2016/11/16 12:0 a.m.3 views

Stored Cross-Site Scripting Vulnerability in Pivotx

Pivotx is an open source blog content management system. Pivotx 2.3.11 and prior versions have a stored cross-site scripting vulnerability at the home page message comments. A lack of filtering in the lib.php file allows an attacker to inject cross-site statements using only supported tags...

6.1AI score
Exploits0
CNVD
CNVD
added 2016/07/22 12:0 a.m.6 views

PivotX CMS has multiple vulnerabilities

PivotX CMS is an open source blog content management system Blog CMS. Cross-site scripting, directory traversal, and remote command execution vulnerabilities exist in PivotX CMS version 2.3.11. An attacker can use the vulnerabilities to steal cookie-based authentication, execute arbitrary command...

7.5AI score
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.1 views

PivotX SQL Injection Vulnerability

Pivotx is an open source blog content management system Blog CMS. A SQL injection vulnerability exists in versions of PivotX prior to 2.3.11, which can be exploited by attackers to compromise an application, access or modify data...

8AI score
Exploits0References1
Packet Storm
Packet Storm
added 2016/07/15 12:0 a.m.24 views

PivotX 2.3.11 Blind SQL Injection

Blind SQL Injection PivotX Date: Thu, 14 Jul 2016 09:38:19 +0200 ============================================= MGC ALERT 2016-003 - Original release date: April 14, 2016 - Last revised: July 14, 2016 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2016/06/09 12:0 a.m.34 views

PivotX 2.3.11 代码执行漏洞

Pivotx是一套开源的博客内容管理系统(Blog CMS)。该系统支持内置评论审查、垃圾信息防护和模板更换等功能。 PivotX 2.3.11中存在代码执行漏洞。由于重命名文件时未能检查扩展名。攻击者能够执行任意代码。 漏洞出现在上传功能,当上传文件时,为了防止恶意文件的上传,如PHP文件asp文件等等可以执行代码的文件造成代码执行漏洞,因此会检查文件扩展名的文件。然而,PivotX 2.3.11重命名函数却没有进行检查新文件名的扩展,导致代码执行。...

7.1AI score
Exploits0
CNVD
CNVD
added 2016/05/19 12:0 a.m.3 views

PivotX Code Execution Vulnerability

Pivotx is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. A code execution vulnerability exists in PivotX 2.3.11. Due to a failure to check extensions when renaming files. An attacker is able to execute...

8.1AI score
Exploits0References1
CNVD
CNVD
added 2016/05/19 12:0 a.m.2 views

PivotX Directory Traversal Vulnerability

Pivotx is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. A directory traversal vulnerability exists in PivotX 2.3.11. Authenticated users are able to read and delete files outside of the Pivotx directo...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2016/05/19 12:0 a.m.5 views

PivotX cross-site scripting vulnerability (CNVD-2016-03594)

Pivotx is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. A reflective cross-site scripting vulnerability exists in PivotX 2.3.11. An attacker can inject JavaScript code or bypass CSRF protection...

6.5AI score
Exploits0References1
Rows per page
Query Builder