FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pivotx -- Multiple unrestricted file upload vulnerabilities

Affected packages
pivotx < 2.3.9

Details

VuXML ID 7313b0e3-27b4-11e5-a15a-50af736ef1c0
Discovery 2014-04-15
Entry 2015-07-11

Pivotx reports:

Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

References

CVE Name CVE-2014-0341