Vulnerabilities > Pivotx > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-08 | CVE-2015-5457 | Improper Input Validation vulnerability in Pivotx PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php. | 7.5 |
| 2014-04-15 | CVE-2014-0342 | Arbitrary File Upload vulnerability in PivotX 'fileupload.php' Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors. | 7.5 |
| 2011-02-19 | CVE-2011-1035 | Credentials Management vulnerability in Pivotx The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors. | 7.5 |