7.5

CVE-2006-3531

Exploit
includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.
Data provided by the National Vulnerability Database (NVD)
Pivot Pivot, version <= 1.30_rc2
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 9.36% | 0.948
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P
No CWE information has been published yet.
http://retrogod.altervista.org/pivot_130RC2_xpl.html
Exploit
http://secunia.com/advisories/20962
Vendor Advisory
http://securityreason.com/securityalert/1214
http://www.osvdb.org/27126
http://www.securityfocus.com/archive/1/439495/100/0/threaded
http://www.securityfocus.com/bid/18881
Exploit
http://www.vupen.com/english/advisories/2006/2744
https://exchange.xforce.ibmcloud.com/vulnerabilities/27671