CVE-2006-3531

includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://retrogod.altervista.org/pivot_130RC2_xpl.html	Exploit
http://www.securityfocus.com/bid/18881	Exploit
http://secunia.com/advisories/20962	Vendor Advisory
http://www.osvdb.org/27126
http://securityreason.com/securityalert/1214
http://www.vupen.com/english/advisories/2006/2744
https://exchange.xforce.ibmcloud.com/vulnerabilities/27671
http://www.securityfocus.com/archive/1/439495/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:pivot:pivot:*:*:*:*:*:*:*:*

Information

Published : 2006-07-12 14:05

Updated : 2018-10-18 09:47

NVD link : CVE-2006-3531

Mitre link : CVE-2006-3531

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

pivot

pivot

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://retrogod.altervista.org/pivot_130RC2_xpl.html", "name": "http://retrogod.altervista.org/pivot_130RC2_xpl.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/18881", "name": "18881", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/20962", "name": "20962", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/27126", "name": "27126", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/1214", "name": "1214", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/2744", "name": "ADV-2006-2744", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27671", "name": "pivot-insertimage-file-upload(27671)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/439495/100/0/threaded", "name": "20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3531", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-07-12T21:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pivot:pivot:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.30_rc2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:47Z"}