CVE-2017-7570

Name of the Vulnerable Software and Affected Versions PivotX version 2.3.11

Description The issue allows remote authenticated Advanced users to execute arbitrary PHP code. This can be achieved by uploading a file with a safe extension, such as .jpg, and then using the duplicate function to change the file extension to .php.

Recommendations For PivotX version 2.3.11, consider restricting access to the file upload functionality and the duplicate function for Advanced users until a patch is available. As a temporary workaround, avoid using the duplicate function on uploaded files to minimize the risk of exploitation.