Test ID: 1.3.6.1.4.1.25623.1.0.805938
Category: Web application abuses
Title: PivotX Multiple Vulnerabilities (Jul 2015)
Summary: PivotX is prone to multiple vulnerabilities.

Description:

Vulnerability Insight: Multiple errors exist because the application:
- does not validate input passed via the 'sess' parameter to the 'fileupload.php' script;
- does not validate the new file extension when renaming a file with multiple extensions, such as foo.php.php;
- does not validate input passed via the form method in the modules/formclass.php script.

Vulnerability Impact: Successful exploitation will allow remote attackers to hijack web sessions, execute arbitrary code, and create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Affected Software/OS: PivotX version 2.3.10 and probably prior.

Solution: Upgrade PivotX to version 2.3.11 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross References:
- Common Vulnerability Exposure (CVE) ID: CVE-2015-5456
- BugTraq ID: 75577, http://www.securityfocus.com/bid/75577
- Bugtraq: 20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10 (Google Search), http://www.securityfocus.com/archive/1/535860/100/0/threaded
- http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html
- http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/
- Common Vulnerability Exposure (CVE) ID: CVE-2015-5457
- Common Vulnerability Exposure (CVE) ID: CVE-2015-5458

Copyright: Copyright (C) 2015 Greenbone AG
This is only one of 146377 vulnerability tests in our test suite. Find out more about how to run a complete security audit. To run a free test of this vulnerability against your system, register now.