lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.
Max CVSS: 7.2 | EPSS Score: 0.10% | Published: 2017-10-02 | Updated: 2017-10-06
PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.
Max CVSS: 8.8 | EPSS Score: 0.26% | Published: 2017-05-31 | Updated: 2017-06-08
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
Max CVSS: 8.8 | EPSS Score: 0.38% | Published: 2017-04-07 | Updated: 2017-04-13
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.
Max CVSS: 7.5 | EPSS Score: 4.36% | Published: 2015-07-08 | Updated: 2018-10-09
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.78% | Published: 2014-04-15 | Updated: 2014-04-15
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 2.02% | Published: 2011-02-19 | Updated: 2017-08-17
6 vulnerabilities found