Vulnerabilities > Pivotx > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-02 | CVE-2017-14958 | Unrestricted Upload of File with Dangerous Type vulnerability in Pivotx 2.3.11 | lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. | 6.5 |
2017-06-06 | CVE-2017-9332 | Cross-site Scripting vulnerability in Pivotx 2.3.11 | The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | 4.3 |
2017-05-31 | CVE-2017-8402 | Code Injection vulnerability in Pivotx 2.3.11 | PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. | 6.5 |
2017-04-07 | CVE-2017-7570 | Code Injection vulnerability in Pivotx 2.3.11 | PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | 6.5 |
2015-07-08 | CVE-2015-5458 | Unspecified vulnerability in Pivotx | Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter. | 6.8 |
2015-07-08 | CVE-2015-5456 | Cross-site Scripting vulnerability in Pivotx | Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions. | 4.3 |
2012-08-13 | CVE-2012-2274 | Cross-Site Scripting vulnerability in Pivotx | Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | 4.3 |
2011-02-04 | CVE-2011-0775 | Information Exposure vulnerability in Pivotx 2.2.2 | pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. | 5.0 |
2011-02-04 | CVE-2011-0774 | Information Exposure vulnerability in Pivotx 2.2.2 | PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message. | 5.0 |
2011-02-04 | CVE-2011-0773 | Cross-Site Scripting vulnerability in Pivotx | Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | 4.3 |