PivotX prior to 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote malicious users to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php.
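
A rename guard for this class of bug, written as an added example; it is not PivotX's code and not the 2.3.11 fix. The allowlist and the function names `renameRejectionReason` and `guardedRename` are assumptions made for illustration. The guard validates the destination name of a rename, checking every dot-separated segment rather than only the last one.

```php
<?php
// Added example, not PivotX code. The allowlist and function names are assumptions.
const ALLOWED_EXTENSIONS = ['gif', 'jpeg', 'jpg', 'pdf', 'png', 'txt'];

/**
 * Returns null when $newName is acceptable as a rename target,
 * otherwise a short reason for refusing it.
 */
function renameRejectionReason(string $newName): ?string
{
    // Bare file names only: no path separators, NUL bytes or control characters.
    if ($newName === '' || preg_match('/[\x00-\x1f\/\\\\]/', $newName) === 1) {
        return 'illegal character or path separator';
    }
    $segments = explode('.', $newName);
    $base = array_shift($segments);
    if ($base === '') {
        return 'empty base name (dotfile)';
    }
    if ($segments === []) {
        return 'no extension';
    }
    // Check every dot-separated segment, not only the last one: servers that
    // map handlers per segment (Apache mod_mime) can act on an inner extension.
    foreach ($segments as $segment) {
        if (!in_array(strtolower($segment), ALLOWED_EXTENSIONS, true)) {
            return "extension segment '" . $segment . "' is not allowed";
        }
    }
    return null;
}

/** Renames inside $dir only after the destination name passes the check. */
function guardedRename(string $dir, string $oldName, string $newName): bool
{
    $reason = renameRejectionReason($newName);
    if ($reason !== null) {
        // json_encode escapes control characters before they reach the log.
        error_log('rename refused: ' . json_encode([$oldName, $newName, $reason]));
        return false;
    }
    return rename($dir . '/' . basename($oldName), $dir . '/' . $newName);
}

// Constructed sample names, checked without touching the file system.
foreach (['photo.jpg', 'foo.php.php', 'foo.php.jpg', 'notes.txt.', '.htaccess'] as $name) {
    printf("%-12s %s\n", $name, renameRejectionReason($name) ?? 'ok');
}
```

The policy is deliberately strict: a name such as `report.v2.pdf` is refused because `v2` is not on the allowlist.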
Vulnerable Product |
---|
pivotx pivotx |