includes/editor/insert_image.php in Pivot 1.30 RC2 and previous versions creates the authentication credentials from parameters, which allows remote malicious users to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivot pivot |