Arbitrary PHP Code Execution Vulnerability in PivotX 2.3.11
CVE-2017-7570 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
Learn more about our User Device Pen Test.