Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-3531
Last Modified 07 Mar 2011 09:38:51
Published 12 Jul 2006 05:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3531

Summary

includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.

Vulnerable Systems

Application

  • Pivot 1.30 RC2


References

VUPEN - ADV-2006-2744

BID - 18881

BUGTRAQ - 20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution

SECUNIA - 20962

MISC - http://retrogod.altervista.org/pivot_130RC2_xpl.html

XF - pivot-insertimage-file-upload(27671)

OSVDB - 27126

SREASON - 1214


Last Updated: 27 May 2016 10:43:02