SB2011020403 - Multiple vulnerabilities in pivotlog.net PivotX



Published: February 4, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011020403
Severity Medium
Patch available YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2011-0774)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.


2) Information disclosure (CVE-ID: CVE-2011-0775)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.


Remediation

Install the update from the vendor's website.