CVE-2006-3533

Name of the Vulnerable Software and Affected Versions Pivot versions 1.30 RC2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters in different PHP files. The vulnerable parameters include fg, line1, line2, bg, c1, c2, c3, and c4 in "includes/blogroll.php", name and js name in "includes/editor/edit menu.php", and h and w in "includes/photo.php". This can occur when register globals is enabled for the first set of parameters, and even when it is not enabled for the parameters in "includes/photo.php".

Recommendations For Pivot versions 1.30 RC2 and earlier, consider disabling the use of the vulnerable parameters fg, line1, line2, bg, c1, c2, c3, c4, name, js name, h, and w in the respective PHP files until a patch is available. Restrict access to the "includes/blogroll.php", "includes/editor/edit menu.php", and "includes/photo.php" files to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.