Security Advisory

CVE-2006-3531

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-07-12 21:00:00

Last updated 2024-08-07 18:30:34

Assigner mitre

State PUBLISHED

Description

includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.

← Browse all CVEs View on cve.org ↗