CVE-2014-0342

Name of the Vulnerable Software and Affected Versions PivotX versions prior to 2.3.9

Description The issue allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .php or .php# extension. This can be achieved by accessing the uploaded file via unspecified vectors.

Recommendations For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the fileupload.php script to prevent unauthorized file uploads. Additionally, avoid using the file upload feature until the issue is resolved.