CVE-2006-3531 - Unspecified vulnerability in Pivot
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
pivot
exploit available
Summary
includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Pivot <= 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit. CVE-2006-3531,CVE-2006-3532,CVE-2006-3533. Webapps exploit for php platform |
id | EDB-ID:1991 |
last seen | 2016-01-31 |
modified | 2006-07-07 |
published | 2006-07-07 |
reporter | rgod |
source | https://www.exploit-db.com/download/1991/ |
title | Pivot <= 1.30 RC2 - Privileges Escalation/Remote Code Execution Exploit |
References
- http://retrogod.altervista.org/pivot_130RC2_xpl.html
- http://secunia.com/advisories/20962
- http://securityreason.com/securityalert/1214
- http://www.osvdb.org/27126
- http://www.securityfocus.com/archive/1/439495/100/0/threaded
- http://www.securityfocus.com/bid/18881
- http://www.vupen.com/english/advisories/2006/2744
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27671