Arbitrary PHP Code Execution Vulnerability in PivotX 2.3.11

Arbitrary PHP Code Execution Vulnerability in PivotX 2.3.11

CVE-2017-7570 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.

Learn more about our User Device Pen Test.