1
I Use This!
Inactive
Analyzed about 23 hours ago. based on code collected 1 day ago.
 

Security

Vulnerabilities per Version

Learn more about BDSAs
 
 

Major Versions

1yr
3yr
5yr
10yr
All
click and drag to zoom
 
 
Security Vulnerabilities for Version:
Severities:
Type
Identifier Related Record Severity Date Published Description Versions Affected
CVE-2017-9332 Medium Jun 06, 2017 The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty more...
2.3.11
CVE-2017-8402 High May 31, 2017 PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.
2.3.11
CVE-2017-7570 High Apr 07, 2017 PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg more...
2.3.11
CVE-2017-14958 High Oct 02, 2017 lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload o more...
2.3.11
BDSA-2016-0755 High Nov 15, 2017 PivotX is a tool to create weblogs without the need of a database. It contains a vulnerability within the file upload functionality where there exists more...
BDSA-2016-0753 High Nov 16, 2017 PivotX is a tool to create weblogs without the need of a database. It contains a blind SQL injection vulnerability within the `index.php` file in the v more...
BDSA-2016-0750 Critical Nov 16, 2017 PivotX is a tool to create weblogs without the need of a database. It contains a cross-site scripting (*XSS*) vulnerability due to improperly validati more...
BDSA-2016-0745 Critical Nov 24, 2017 PivotX is a tool to create weblogs without the need of a database. It contains a cross-site request forgery (*CSRF*) and multiple cross-site scripting more...
BDSA-2016-0740 Medium Oct 27, 2017 PivotX CMS is a tool to create weblogs without the need of a database. It contains a relative path traversal vulnerability that allows admins and super more...