CVE-2014-0342
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0145 (1.5%)
Percentile: 80.9%
EPSS: 2026-05-06
Affects
pivotx:pivotxTechnical description
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.
Published: 4/15/2014, 10:55:11 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released
- http://pivotx.net/page/security
- http://sourceforge.net/p/pivot-weblog/code/4347/
- http://www.kb.cert.org/vuls/id/901156
- http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released
- http://pivotx.net/page/security
- http://sourceforge.net/p/pivot-weblog/code/4347/
- http://www.kb.cert.org/vuls/id/901156