Test ID:	1.3.6.1.4.1.25623.1.0.805938
Category:	Web application abuses
Title:	PivotX Multiple Vulnerabilities (Jul 2015)
Summary:	PivotX is prone to multiple vulnerabilities.
Description:	Summary: PivotX is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors exist as the application - Does not validate input passed via the 'sess' parameter to 'fileupload.php' script. - Does not validate the new file extension when renaming a file with multiple extensions, like foo.php.php. - Does not validate input passed via the form method in modules/formclass.php script. Vulnerability Impact: Successful exploitation will allow remote attackers to hijack web sessions, execute arbitrary code and create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: PivotX version 2.3.10 and probably prior. Solution: Upgrade PivotX to version 2.3.11 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5456 BugTraq ID: 75577 http://www.securityfocus.com/bid/75577 Bugtraq: 20150627 Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10 (Google Search) http://www.securityfocus.com/archive/1/535860/100/0/threaded http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/ Common Vulnerability Exposure (CVE) ID: CVE-2015-5457 Common Vulnerability Exposure (CVE) ID: CVE-2015-5458
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.