CVE-2006-3531

includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://retrogod.altervista.org/pivot_130RC2_xpl.html	Exploit
http://secunia.com/advisories/20962	Vendor Advisory
http://securityreason.com/securityalert/1214
http://www.osvdb.org/27126
http://www.securityfocus.com/archive/1/439495/100/0/threaded
http://www.securityfocus.com/bid/18881	Exploit
http://www.vupen.com/english/advisories/2006/2744
https://exchange.xforce.ibmcloud.com/vulnerabilities/27671

Configurations

Configuration 1 (hide)

cpe:2.3:a:pivot:pivot:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-07-12 21:05

Updated : 2024-02-04 16:52

NVD link : CVE-2006-3531

Mitre link : CVE-2006-3531

CVE.ORG link : CVE-2006-3531

JSON object : View

Products Affected

pivot

pivot

CWE

NVD-CWE-Other

{"id": "CVE-2006-3531", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-12T21:05:00.000", "references": [{"url": "http://retrogod.altervista.org/pivot_130RC2_xpl.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20962", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1214", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27126", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/439495/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18881", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2744", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27671", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters."}, {"lang": "es", "value": "includes/editor/insert_image.php en Pivot 1.30 RC2 y anteriores crea las credenciales de autentificaci\u00f3n desde par\u00e1metros que permite a atacantes remotos obtener privilegios para subir archivos a trav\u00e9s de los par\u00e1metros: (1)\"pass\", (2) \"session\", (3) \u00edndices pass y (4) \"userlevel\" de las matrices (a) Pivot_Vars[] o (b) Users[]."}], "lastModified": "2018-10-18T16:47:49.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivot:pivot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5D86FDA-4903-4AA7-BD63-108D253D8B5C", "versionEndIncluding": "1.30_rc2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}