CVE-2014-0342

N/A Unknown

Published: April 15, 2014 Modified: May 06, 2026

Description

Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released

Source: cret@cert.org

http://pivotx.net/page/security

Source: cret@cert.org

http://sourceforge.net/p/pivot-weblog/code/4347/

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/901156

Source: cret@cert.org

US Government Resource

http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released

Source: af854a3a-2127-422b-91ae-364da2661108

http://pivotx.net/page/security

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/p/pivot-weblog/code/4347/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/901156

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

8 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

1.8%

83th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

pivotx