Hansfn

**Name of the Vulnerable Software and Affected Versions** PivotX version 2.3.11 **Description** The issue concerns the improper blocking of uploads of dangerous file types by admin users in lib.php, allowing remote PHP code execution via an upload of a .php file. **Recommendations** For PivotX version 2.3.11, update to a version that properly blocks uploads of dangerous file types to prevent remote PHP code execution.

**Name of the Vulnerable Software and Affected Versions** PivotX version 2.3.11 **Description** The issue concerns the smarty self function in PivotX, which mishandles the URI. This allows for cross-site scripting (XSS) attacks via vectors involving quotes in the self Smarty tag. **Recommendations** For PivotX version 2.3.11, consider disabling the smarty self function in modules/module smarty.php as a temporary workaround until a patch is available. Restrict access to the self Smarty tag to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PivotX version 2.3.11 **Description** The issue allows remote authenticated users to execute arbitrary PHP code. This can be achieved through vectors involving the upload of a .htaccess file. **Recommendations** For PivotX version 2.3.11, consider restricting file upload capabilities to prevent the execution of arbitrary PHP code until a patch is available. As a temporary workaround, restrict access to the file upload feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PivotX versions prior to 2.3.11 **Description** A cross-site scripting (XSS) issue exists due to insufficient validation of user input in the form method, allowing remote attackers to inject arbitrary web script or HTML. This is related to the `PHP SELF` variable and form actions. **Recommendations** For versions prior to 2.3.11, update to version 2.3.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the form method in modules/formclass.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PivotX versions prior to 2.3.11 **Description** The issue allows remote attackers to execute arbitrary code by uploading a crafted file. This is possible because the software does not validate the new file extension when renaming a file with multiple extensions. For example, a file named `foo.php.php` can be used to demonstrate this issue. **Recommendations** For versions prior to 2.3.11, update to version 2.3.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PivotX versions prior to 2.3.11 **Description** The issue allows remote attackers to hijack web sessions. This is achieved via the `sess` parameter in the fileupload.php file. **Recommendations** For versions prior to 2.3.11, update to version 2.3.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the fileupload.php file until the update is applied. Avoid using the `sess` parameter in the affected file until the issue is resolved.