CVE-2009-2134

Pivot 1.40.4 and 1.40.7 - Exposure of Sensitive Information via Invalid URL Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2134. PoCs published by intern0t.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple XSS and HTML injection vulnerabilities in Pivot versions 1.40.4 and 1.40.7. It includes specific vulnerable parameters, attack vectors, and proof-of-concept URLs, but does not contain functional exploit code.

Description

pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by intern0t · text · webapps · php
https://www.exploit-db.com/exploits/8941

Classification: Writeup 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Pivot 1.40.4 and 1.40.7
Auth required
Prerequisites: Access to vulnerable Pivot installation · Valid session for some attack vectors
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8941
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504300/100/0/threaded

Scores

EPSS 0.0250
EPSS Percentile 82.6%

Details

CWE CWE-200
Status published
Products (2)
pivot/pivot 1.40.4
pivot/pivot 1.40.7
Published Jun 19, 2009
Tracked Since Feb 18, 2026