Vulnerabilities > CVE-2006-3533 - Input Validation vulnerability in Pivot 1.30Rc2

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
pivot
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php.

Vulnerable Configurations

Part Description Count
Application
Pivot
1

Exploit-Db

descriptionPivot <= 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit. CVE-2006-3531,CVE-2006-3532,CVE-2006-3533. Webapps exploit for php platform
idEDB-ID:1991
last seen2016-01-31
modified2006-07-07
published2006-07-07
reporterrgod
sourcehttps://www.exploit-db.com/download/1991/
titlePivot <= 1.30 RC2 - Privileges Escalation/Remote Code Execution Exploit