7.5

CVE-2006-3531

Exploit

EPSS 10.88%
Veröffentlicht 12.07.2006 21:05:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pivot ≫ Pivot Version <= 1.30_rc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.88%	0.927

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://retrogod.altervista.org/pivot_130RC2_xpl.html

Exploit

http://secunia.com/advisories/20962

Vendor Advisory

http://securityreason.com/securityalert/1214

http://www.osvdb.org/27126

http://www.securityfocus.com/archive/1/439495/100/0/threaded

http://www.securityfocus.com/bid/18881

Exploit

http://www.vupen.com/english/advisories/2006/2744

https://exchange.xforce.ibmcloud.com/vulnerabilities/27671

https://nvd.nist.gov/vuln/detail/CVE-2006-3531

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3531

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3531

EUVD