Vulnerability Details CVE-2015-5458
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v2 Score 6.8
References
- http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released
- http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html
- http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/
- http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449
- http://www.securityfocus.com/archive/1/535860/100/0/threaded
- http://www.securityfocus.com/bid/75577
- http://blog.pivotx.net/archive/2015/06/21/pivotx-2311-released
- http://packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html
- http://software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/
- http://sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449
- http://www.securityfocus.com/archive/1/535860/100/0/threaded
- http://www.securityfocus.com/bid/75577
Products affected by CVE-2015-5458
-
cpe:2.3:a:pivotx:pivotx:2.1.0
-
cpe:2.3:a:pivotx:pivotx:2.1.1
-
cpe:2.3:a:pivotx:pivotx:2.1.2
-
cpe:2.3:a:pivotx:pivotx:2.2.0
-
cpe:2.3:a:pivotx:pivotx:2.2.1
-
cpe:2.3:a:pivotx:pivotx:2.2.2
-
cpe:2.3:a:pivotx:pivotx:2.2.3
-
cpe:2.3:a:pivotx:pivotx:2.2.5
-
cpe:2.3:a:pivotx:pivotx:2.3.0
-
cpe:2.3:a:pivotx:pivotx:2.3.10
-
cpe:2.3:a:pivotx:pivotx:2.3.2
-
cpe:2.3:a:pivotx:pivotx:2.3.3
-
cpe:2.3:a:pivotx:pivotx:2.3.5
-
cpe:2.3:a:pivotx:pivotx:2.3.6
-
cpe:2.3:a:pivotx:pivotx:2.3.7
-
cpe:2.3:a:pivotx:pivotx:2.3.8
-
cpe:2.3:a:pivotx:pivotx:2.3.9