CVE-2006-3531

Pivot 1.30 RC2 - Privilege Escalation

Description

includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.

Exploits (1)

exploitdb WORKING POC
php, webapps, php
https://www.exploit-db.com/exploits/1991

Scores

EPSS 0.1088
EPSS Percentile 93.4%

Details

Status published
Products (1)
pivot/pivot < 1.30_rc2
Published Jul 12, 2006
Tracked Since Feb 18, 2026