CVE-2014-0342 - Arbitrary File Upload vulnerability in PivotX 'fileupload.php'
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors. Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 18 |
Seebug
bulletinFamily | exploit |
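description | Bugtraq ID: 66797 CVE ID: CVE-2014-0342 PivotX is a powerful open-source blog CMS. PivotX's upload check does not correctly handle file name extensions, allowing an attacker to exploit the vulnerability to submit files with dangerous extension types and have them executed with web privileges. 0 PivotX 2.3.8 The vulnerability is fixed in PivotX 2.3.9; users are advised to download and use it: http://pivotx.net/ |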
id | SSV:62196 |
last seen | 2017-11-19 |
modified | 2014-04-16 |
published | 2014-04-16 |
reporter | Root |
title | PivotX 'fileupload.php' Arbitrary File Upload Vulnerability |