Multiple vulnerabilities in PivotX



Published: 2017-06-01 | Updated: 2017-10-02
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2017-8402, CVE-2017-7570, CVE-2017-14958
CWE-ID: CWE-434, CWE-399
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: PivotX (Web applications / Forum & blogging software)
Vendor: pivotlog.net

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Unrestricted file upload

EUVDB-ID: #VU6850

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-8402

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.

The vulnerability exists due to insufficient validation of uploaded files in the "/pivotx/fileupload.php" script. A remote authenticated attacker can upload a specially crafted .htaccess file to the system and use it to execute arbitrary PHP code.

Successful exploitation may allow an attacker to compromise the vulnerable website.

Mitigation

Install the update from the vendor's repository.

Vulnerable software versions

PivotX: 2.3.0 - 2.3.11

External links

http://sourceforge.net/p/pivot-weblog/code/4489/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU6851

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7570

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.

The vulnerability exists due to insufficient error handling when processing file uploads for files with identical names. A remote authenticated attacker can upload a file with the same extension (e.g. ".jpg") and then invoke a duplicate function to change the file extension to .php.

Successful exploitation may allow an attacker to compromise the vulnerable website.

Mitigation

Install the update from the vendor's repository.

Vulnerable software versions

PivotX: 2.3.0 - 2.3.11

External links

http://gist.github.com/X1nda/749b6aac6e080624d9f8ec81321335df


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Unrestricted file upload

EUVDB-ID: #VU8654

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-14958

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system.

The vulnerability exists due to insufficient validation of uploaded files in the "lib.php" script. A remote authenticated administrator can upload and execute an arbitrary .php script.

Successful exploitation may allow an attacker to compromise the vulnerable website.

Mitigation

Install the update from the vendor's repository:
https://sourceforge.net/p/pivot-weblog/code/4490/

Vulnerable software versions

PivotX: 2.3.0 - 2.3.11

External links

http://sourceforge.net/p/pivot-weblog/code/4490/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
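
All three issues above end with either a server config file (.htaccess) or a PHP-executable name sitting in a directory that accepts uploads. The following audit script is an added example, not part of the original bulletin and not PivotX code: it walks an upload directory and flags such names, including ones that only become dangerous after a rename. The extension list, the function names and the sample tree are assumptions constructed for illustration; point `audit_upload_tree` at the site's real upload path.

```python
import os
import tempfile

# Assumption: extensions a typical Apache/PHP setup may pass to the interpreter.
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".pht", ".phar"}
# Per-directory config files that can remap handlers inside an upload folder.
SERVER_CONFIG_NAMES = {".htaccess", ".user.ini"}


def classify(filename):
    """Return why a name is dangerous inside an upload directory, or None."""
    name = filename.lower()
    if name in SERVER_CONFIG_NAMES:
        return "server config file"
    exts = ["." + part for part in name.split(".")[1:]]  # every extension
    if exts and exts[-1] in EXECUTABLE_EXTS:
        return "executable extension"
    if any(ext in EXECUTABLE_EXTS for ext in exts[:-1]):
        return "executable inner extension"
    return None


def audit_upload_tree(root):
    """Walk root; return sorted (relative_path, reason) for each flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            reason = classify(filename)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, filename), root)
                findings.append((rel.replace(os.sep, "/"), reason))
    return sorted(findings)


def run_sample():
    """Audit a constructed sample tree (made-up names, not from a real site)."""
    sample = ["2017-05/photo.jpg", "2017-05/.htaccess", "2017-05/photo_1.php",
              "2017-06/notes.txt", "2017-06/logo.PHP.png"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_upload_tree(root)


if __name__ == "__main__":
    for rel, reason in run_sample():
        print(f"{rel}: {reason}")
```

Any finding on a site that ran PivotX 2.3.0 - 2.3.11 warrants checking the file's creation time against the web server's access log before and after applying the vendor update.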


