CVE-2006-3532
Pivot 1.30 RC2 - Remote Code Execution via Paths[extensions_path] Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-3532.
AI-analyzed exploit summary: This exploit leverages a privilege escalation vulnerability in Pivot CMS <= 1.30 RC2 due to improper handling of global variables when register_globals is enabled. It allows remote command execution by manipulating the $Pivot_Vars and $Users arrays to escalate privileges and upload malicious PHP files.
Description
PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via an FTP URL or full file path in the Paths[extensions_path] parameter.
Exploits (1)