Vulnerability Description
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pivotx | Pivotx | <= 2.3.8 |
References
- http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released
- http://pivotx.net/page/security
- http://sourceforge.net/p/pivot-weblog/code/4347/
- http://www.kb.cert.org/vuls/id/901156 (US Government Resource)
FAQ
What is CVE-2014-0342?
CVE-2014-0342 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .ph...
How severe is CVE-2014-0342?
CVE-2014-0342 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0342?
Check the references section above for vendor advisories and patch information. Affected products include: Pivotx Pivotx.