Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-3531.
AI-analyzed exploit summary: This exploit leverages a privilege escalation vulnerability in Pivot CMS <= 1.30 RC2 due to improper handling of global variables when register_globals is enabled. It allows remote command execution by manipulating the $Pivot_Vars and $Users arrays to escalate privileges and upload malicious PHP files.
Description
includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.